feat: Use non root user as default user in container image (thanos-io…

…#6107)

Signed-off-by: Timo Haas <haastimo@gmx.de>

CHANGELOG.md

@@ -27,6 +27,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
 - [#6168](https://github.com/thanos-io/thanos/pull/6168) Receiver: Make ketama hashring fail early when configured with number of nodes lower than the replication factor.
 - [#6201](https://github.com/thanos-io/thanos/pull/6201) Query-Frontend: Disable absent and absent_over_time for vertical sharding.
 - [#6212](https://github.com/thanos-io/thanos/pull/6212) Query-Frontend: Disable scalar for vertical sharding.
+- [#6107](https://github.com/thanos-io/thanos/pull/6082) Change default user id in container image from 0(root) to 1001
 
 ### Removed
 

Dockerfile

@@ -5,4 +5,11 @@ LABEL maintainer="The Thanos Authors"
 
 COPY /thanos_tmp_for_docker /bin/thanos
 
+RUN adduser \
+    -D `#Dont assign a password` \
+    -H `#Dont create home directory` \
+    -u 1001 `#User id`\
+    thanos && \
+    chown thanos /bin/thanos
+USER 1001
 ENTRYPOINT [ "/bin/thanos" ]

Dockerfile.multi-arch

@@ -9,4 +9,11 @@ ARG OS="linux"
 
 COPY .build/${OS}-${ARCH}/thanos /bin/thanos
 
+RUN adduser \
+    -D `#Dont assign a password` \
+    -H `#Dont create home directory` \
+    -u 1001 `#User id`\
+    thanos && \
+    chown thanos /bin/thanos
+USER 1001
 ENTRYPOINT [ "/bin/thanos" ]

Dockerfile.multi-stage

@@ -21,4 +21,11 @@ LABEL maintainer="The Thanos Authors"
 
 COPY --from=builder /go/bin/thanos /bin/thanos
 
+RUN adduser \
+    -D `#Dont assign a password` \
+    -H `#Dont create home directory` \
+    -u 1001 `#User id`\
+    thanos && \
+    chown thanos /bin/thanos
+USER 1001
 ENTRYPOINT [ "/bin/thanos" ]