allow image to run as any non-root user/group, fixes #10

2021-04-28 18:29:58 +02:00 · 2021-04-28 18:29:58 +02:00 · 0928070a04
commit 0928070a04
parent 7326e27e8c
3 changed files with 2 additions and 9 deletions
--- a/4
+++ b/4
@ -36,8 +36,8 @@ RUN \
    && mkfifo \
        /etc/s6/services/nginx/supervise/control \
        /etc/s6/services/php-fpm8/supervise/control \
-    && adduser nobody www-data \
-    && chown -R nobody.www-data /etc/s6 /run /srv/* /var/lib/nginx /var/www \
+    && chown -R 65534:82 /etc/s6 /run /srv/* /var/lib/nginx /var/www \
+    && chmod o+rwx /run /var/lib/nginx /var/lib/nginx/tmp \
 # Clean up
    && rm -rf "${GNUPGHOME}" /tmp/* \
    && apk del gnupg
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@ -1,6 +1,3 @@
-# Run as a unique, less privileged user for security reasons.
-user nobody www-data;
-
 # Sets the worker threads to the number of CPU cores available in the system for best performance.
 # Should be > the number of CPU cores.
 # Maximum number of connections = worker_processes * worker_connections
--- a/etc/php8/php-fpm.d/zz-docker.conf
+++ b/etc/php8/php-fpm.d/zz-docker.conf
@ -3,11 +3,7 @@ daemonize = no
 error_log = /dev/stderr

 [www]
-user = nobody
-group = www-data
 listen = /run/php-fpm.sock
-listen.owner = nobody
-listen.group = www-data
 access.log = /dev/null
 clear_env = On
 pm = dynamic