Skip to content

specify non-root user in Dockerfile #1503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pkoutsovasilis merged 2 commits into from
Dec 18, 2025
Merged

specify non-root user in Dockerfile #1503

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
89ad8e1
specify non-root user in Dockerfile
pkoutsovasilis Dec 16, 2025
3698c86
chore: add changelog and update README.md
pkoutsovasilis Dec 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Breaking changes

* Package registry container image runs by default as a non-root user (UID 1000). [#1503](https://github.com/elastic/package-registry/pull/1503)

### Bugfixes

### Added
Expand Down
3 changes: 3 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ WORKDIR /package-registry
# Get in config which expects packages in /packages
COPY config.docker.yml /package-registry/config.yml

# Run as non-root user
USER 1000

# Start registry when container is run an expose it on port 8080
EXPOSE 8080
ENTRYPOINT ["./package-registry"]
Expand Down
3 changes: 3 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,9 @@ docker run --rm -it -p 8080:8080 \
docker.elastic.co/package-registry/package-registry:main
```

> [!IMPORTANT]
> When you mount local package directories into the container (e.g., `-v /path/to/packages:/packages/package-registry`), ensure the mounted directory has proper filesystem permissions allowing UID 1000 to read the files. Alternatively, you can run the container as root using `docker run --user 0 ...` if you encounter permission issues.

**Listening on HTTPS**
```bash
docker run --rm -it -p 8443:8443 \
Expand Down