Change user to be valid for wordpress-hardened

riotkit-org · May 19, 2022 · 82bdd47 · 82bdd47
1 parent 6ebf323
commit 82bdd47
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -60,7 +60,7 @@ ADD container-files/opt/build/entrypoint /opt/build/entrypoint
 RUN cd /opt/build/entrypoint && make build install
 RUN mkdir -p /tmp /.config /.config/caddy \
     && touch /etc/caddy/Caddyfile /tmp/.pid /etc/caddy/rules/wordpress/rules.conf \
-    && chown -R 65168:65168 /etc/caddy/Caddyfile /tmp /etc/caddy/rules/wordpress/ /etc/caddy/rules/wordpress/rules.conf /.config
+    && chown -R 65161:65161 /etc/caddy/Caddyfile /tmp /etc/caddy/rules/wordpress/ /etc/caddy/rules/wordpress/rules.conf /.config
 
 
 # ===========================================================================================
@@ -98,7 +98,7 @@ COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 # pre-validate default configuration
 RUN ["/usr/bin/entrypoint", "/usr/bin/caddy", "validate", "-config", "/etc/caddy/Caddyfile"]
 
-USER 65168
+USER 65161
 CMD ["/usr/bin/caddy", "run", "-pidfile", "/tmp/.pid", "-config", "/etc/caddy/Caddyfile"]
 
 EXPOSE 8090

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Simple WAF reverse-proxy using Caddy and CORAZA WAF, contains few predefined but
 - Contains embedded rulesets e.g. OWASP Core Ruleset, Wordpress-specific
 - Kubernetes and cloud native
 - Perfectly integrates with Wordpress and not only
-- Non-root container (running as `uid=65168`)
+- Non-root container (running as `uid=65161`)
 - Real [distroless image based on scratch](https://hub.docker.com/_/scratch) **with only 2 binaries and few config files inside**
 - Developed purely in Golang, [even entrypoint script was written in Golang instead of Bash](container-files/opt/build/entrypoint/entrypoint.go)
 - Autonomous image, actively maintained by [Dependabot](https://github.com/dependabot) ;-)