Docker root user
What is a root user?
Linux features a user system that can be used to delegate permissions by assigning different levels of access to users and groups, allowing for fine-grained control over file and system operations.
By default, Docker containers (which are used by Rivet to run your game), run as the root user. This can potentially expose the host system to security vulnerabilities, as the root user has full administrative privileges and can perform any operation on the system. This is particularly risky in a Docker environment, where containers often need to interact with the host system.
To mitigate these risks, it's advisable to create and run containers with a non-root user. This principle of least privilege, where a user is given the minimum levels of access necessary to perform their tasks, significantly enhances the security of the system as it limits the potential damage that can result from errors or malicious actions.
How do I run my Docker container as a non-root user?
Here are some examples of how you might add a non-root user to your Dockerfile for various Linux distros. You can replace server
with any username you like.
Dockerfile
FROM ubuntu
WORKDIR /app
COPY . .
RUN useradd server
USER server
CMD run.sh