Last User Is 'root'
- Query id: 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae
- Query name: Last User Is 'root'
- Platform: Dockerfile
- Severity: High
- Category: Best Practices
- CWE: 250
- URL: Github
Description¶
Leaving the last user as root can cause security risks. Change to another user after running the commands the need privileges
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Code samples without security vulnerabilities¶
Negative test num. 2 - dockerfile file
FROM golang:1.16 AS builder
WORKDIR /go/src/github.com/foo/href-counter/
RUN go get -d -v golang.org/x/net/html
COPY app.go ./
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
USER root
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /go/src/github.com/foo/href-counter/app ./
CMD ["./app"]
RUN useradd -ms /bin/bash patrick
USER patrick