Replace apk tor user with manually generated user

Replace apk tor user with generated toranan user and group to reduce required namespace mapping from 65535 to 102. UID 100 is used to match original tor UID while GID 101 is used to avoid existing group.
dockur · Nov 21, 2024 · d683a33 · d683a33
1 parent 4a85eeb
commit d683a33
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -3,12 +3,15 @@ FROM alpine:edge
 RUN apk add --no-cache curl tor && rm -rf /var/cache/apk/* && \
     sed "1s/^/SocksPort 0.0.0.0:9050\n/" /etc/tor/torrc.sample > /etc/tor/torrc
 
+RUN sed -i '/tor:x:/d' /etc/passwd && sed -i 's/65533:tor/65533:/' /etc/group && \
+    addgroup -g 101 -S toranon && adduser -S -D -H -u 100 -s /sbin/nologin -G toranon -g toranon toranon
+
 EXPOSE 9050 9051
 
 HEALTHCHECK --interval=300s --timeout=15s --start-period=60s --start-interval=10s \
     CMD curl -x socks5h://127.0.0.1:9050 'https://check.torproject.org/api/ip' | grep -qm1 -E '"IsTor"\s*:\s*true'
 
 VOLUME ["/var/lib/tor"]
 
-USER tor
+USER toranon
 CMD ["tor"]