在多级Dockerfile中重用用户
正如您所知,出于安全原因,如果需要,使用root user execep是不好的。我有一个Dockerfile,用于多阶段步骤在多级Dockerfile中重用用户,docker,dockerfile,Docker,Dockerfile,正如您所知,出于安全原因,如果需要,使用root user execep是不好的。我有一个Dockerfile,用于多阶段步骤 FROM golang:latest AS base WORKDIR /usr/src/app # Create User and working dir RUN addgroup --gid 42000 app RUN useradd --create-home --uid 42000 --gid app app RUN chown -R app:app /usr
FROM golang:latest AS base
WORKDIR /usr/src/app
# Create User and working dir
RUN addgroup --gid 42000 app
RUN useradd --create-home --uid 42000 --gid app app
RUN chown -R app:app /usr/src/app
RUN chmod 755 /usr/src/app
# Compile stage based on Debian
FROM base AS builder
USER app
# Copy form computer to current WORKDIR container
COPY . .
# Exit immediately if a command exits with a non-zero status
RUN set -xue && \
make go-build-linux
# Final stage
FROM debian:latest
USER app
EXPOSE 14001
RUN apt-get update && \
apt-get install -y ca-certificates
WORKDIR /usr/src/app
COPY --from=builder /usr/src/app/server .
CMD ["./server"]
UIDGIDdocker都是从一张来自图像UID=42000GID=42000我不知道有任何建议反对在容器中以
rootsshdroot提示:如果您可以将其配置为在提交codez之前捕获类似的内容,则会抱怨。避免将其构建为
根rootrootDockerfilerootsshd