Merge pull request #168 from italia/142-security-enforcemen

satosa proxy started as satosa user
italia · Nov 14, 2024 · 7a052d2 · 7a052d2
2 parents 27a5b53 + cb50f6d
commit 7a052d2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -28,7 +28,9 @@ ENV BASEDIR="/satosa_proxy"
 RUN apk add --update --no-cache tzdata mailcap xmlsec libffi-dev openssl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq yq-go pcre-dev
 
 RUN python3 -m venv .venv && . .venv/bin/activate && pip3 install --upgrade pip setuptools \ 
-      && pip3 install -r requirements.txt --ignore-installed --root-user-action=ignore && mkdir $BASEDIR
+      && pip3 install -r requirements.txt --ignore-installed --root-user-action=ignore && mkdir $BASEDIR \
+      && addgroup -S satosa && adduser -S satosa -G satosa \
+      && chown satosa:satosa $BASEDIR
 
 RUN pip list
 

diff --git a/example/uwsgi_setup/uwsgi/uwsgi.ini.docker b/example/uwsgi_setup/uwsgi/uwsgi.ini.docker
@@ -4,8 +4,8 @@ base        = /opt
 
 chdir       = /satosa_proxy
 
-uid         = root
-gid         = root
+uid         = satosa
+gid         = satosa
 
 socket      = 0.0.0.0:10000
 master      = true