Skip to content

Create non-root app user in Ruby base image#2

Merged
baelter merged 1 commit intomainfrom
non-root-user
Mar 13, 2026
Merged

Create non-root app user in Ruby base image#2
baelter merged 1 commit intomainfrom
non-root-user

Conversation

@baelter
Copy link
Copy Markdown
Member

@baelter baelter commented Mar 11, 2026

Summary

  • Creates a system user app (uid 1000) in the base stage
  • Owns /app directory
  • USER is not set so the build stage keeps root for package installation
  • Downstream Dockerfiles switch with USER app in their runtime stage

Usage in downstream Dockerfile

FROM ghcr.io/84codes/images/ruby:3.4.8 AS app
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build /app /app
USER app

@baelter
Create non-root app user in Ruby base image
52c2152 
Creates a system user (uid 1000) in the base stage so downstream
Dockerfiles can switch to it with USER app. Not activated here so the
build stage keeps root for package installation.
@baelter baelter marked this pull request as ready for review March 11, 2026 20:36
@baelter baelter requested a review from dentarg March 11, 2026 20:36
@baelter baelter merged commit e822d43 into main Mar 13, 2026
5 checks passed
@baelter baelter deleted the non-root-user branch March 13, 2026 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dentarg dentarg Awaiting requested review from dentarg

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@baelter