From 9b484ed9a8349d82af5ab83e152702332175b414 Mon Sep 17 00:00:00 2001
From: Evgeniy Patlan
Date: Fri, 23 Sep 2022 12:10:44 +0300
Subject: [PATCH] Improve security permissions in docker images

According to docker best practises it is not recommended to run docker with root permissions. So it is better to use `mysql` user to run docker
---
 mysql-cluster/7.5/Dockerfile | 2 ++
 mysql-cluster/7.6/Dockerfile | 2 ++
 mysql-cluster/8.0/Dockerfile | 2 ++
 mysql-server/5.7/Dockerfile | 2 ++
 mysql-server/8.0/Dockerfile | 2 ++
 5 files changed, 10 insertions(+)

diff --git a/mysql-cluster/7.5/Dockerfile b/mysql-cluster/7.5/Dockerfile
index bfaa7044..dbce2879 100644
--- a/mysql-cluster/7.5/Dockerfile
+++ b/mysql-cluster/7.5/Dockerfile
@@ -40,6 +40,8 @@ COPY cnf/mysql-cluster.cnf /etc/
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+
+USER mysql
 EXPOSE 3306 33060 2202 1186
 CMD ["mysqld"]
diff --git a/mysql-cluster/7.6/Dockerfile b/mysql-cluster/7.6/Dockerfile
index c5682b29..78891a61 100644
--- a/mysql-cluster/7.6/Dockerfile
+++ b/mysql-cluster/7.6/Dockerfile
@@ -40,6 +40,8 @@ COPY cnf/mysql-cluster.cnf /etc/
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+
+USER mysql
 EXPOSE 3306 33060 2202 1186
 CMD ["mysqld"]
diff --git a/mysql-cluster/8.0/Dockerfile b/mysql-cluster/8.0/Dockerfile
index d6f9ac4b..071687de 100644
--- a/mysql-cluster/8.0/Dockerfile
+++ b/mysql-cluster/8.0/Dockerfile
@@ -42,6 +42,8 @@ COPY cnf/mysql-cluster.cnf /etc/
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+
+USER mysql
 EXPOSE 3306 33060 2202 1186
 CMD ["mysqld"]
diff --git a/mysql-server/5.7/Dockerfile b/mysql-server/5.7/Dockerfile
index e343def2..2d3b0db5 100644
--- a/mysql-server/5.7/Dockerfile
+++ b/mysql-server/5.7/Dockerfile
@@ -39,6 +39,8 @@ COPY docker-entrypoint.sh /entrypoint.sh
 COPY healthcheck.sh /healthcheck.sh
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+
+USER mysql
 EXPOSE 3306 33060
 CMD ["mysqld"]
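Review bot: `USER mysql` names the account instead of giving numeric IDs, so a runtime that has to prove the process is non-root (Kubernetes `runAsNonRoot` is the usual case) cannot verify it and refuses to start the container. If the image build pins the account's IDs, prefer `USER <mysql-uid>:<mysql-gid>` (placeholders; the real values are not visible in this patch). The same two lines are added in all five hunks (mysql-cluster 7.5, 7.6, 8.0 and mysql-server 5.7, 8.0), so the point applies to each. Separately, `/entrypoint.sh` and `/healthcheck.sh` are outside the diff, so it is worth confirming that neither depends on root for data-directory initialisation or ownership fixes on mounted volumes, and that images built `FROM` these still work now that their `RUN` steps inherit the unprivileged user. A short comment above the line, for example `# Drop root: entrypoint, healthcheck and mysqld run as the unprivileged mysql account`, would record the intent.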
diff --git a/mysql-server/8.0/Dockerfile b/mysql-server/8.0/Dockerfile
index ff603274..d5d43226 100644
--- a/mysql-server/8.0/Dockerfile
+++ b/mysql-server/8.0/Dockerfile
@@ -39,6 +39,8 @@ COPY docker-entrypoint.sh /entrypoint.sh
 COPY healthcheck.sh /healthcheck.sh
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+
+USER mysql
 EXPOSE 3306 33060 33061
 CMD ["mysqld"]