security: run Etherpad container as non-root user (fixes #7134) (#7287)

mirror of https://github.com/ether/etherpad-lite.git synced 2026-01-22 18:28:57 +00:00

Change the Docker Compose user from "0:0" (root) to "5001:0" (etherpad user)
to follow security best practices and the principle of least privilege.

The Dockerfile already creates a non-root user 'etherpad' with UID 5001
and GID 0, so this change aligns the docker-compose.yml configuration
with the Dockerfile's security model.

Benefits:
- Reduces attack surface by not running as root
- Follows Docker security best practices
- Aligns with the Dockerfile's existing non-root user setup
- Compatible with OpenShift and other platforms that restrict root containers
- Maintains group permissions (GID 0) for volume access

Fixes #7134

This commit is contained in:

Aditya

2026-01-11 00:58:58 +05:30

• committed by

GitHub

parent adca869be7

commit 9ff003c4c3

No known key found for this signature in database

GPG key ID: B5690EEEBB952194

1 changed files with 1 additions and 1 deletions

									
										2

docker-compose.yml
									
										View file
										
				@ -1,6 +1,6 @@

				services:

				  app:

				    user: "0:0"

				    user: "5001:0"

				    image: etherpad/etherpad:latest

				    tty: true

				    stdin_open: true

Rows
Columns

security: run Etherpad container as non-root user (fixes #7134) (#7287)

2 docker-compose.yml Unescape Escape View file

2

docker-compose.yml

View file