From 4716454faacfe1166ca3aefeec31ba1e3d806cda Mon Sep 17 00:00:00 2001
From: majinghe <42570491+majinghe@users.noreply.github.com>
Date: Sat, 8 Nov 2025 10:00:14 +0800
Subject: [PATCH] add non root user support for container deployment (#817)

---
 Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index be895a67..d45af5c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -64,8 +64,12 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /build/rustfs /usr/bin/rustfs
 COPY entrypoint.sh /entrypoint.sh
 
-RUN chmod +x /usr/bin/rustfs /entrypoint.sh && \
+RUN chmod +x /usr/bin/rustfs /entrypoint.sh
+
+RUN addgroup -g 1000 -S rustfs && \
+    adduser -u 1000 -G rustfs -S rustfs -D && \
     mkdir -p /data /logs && \
+    chown -R rustfs:rustfs /data /logs && \
     chmod 0750 /data /logs
 
 ENV RUSTFS_ADDRESS=":9000" \
@@ -82,8 +86,11 @@ ENV RUSTFS_ADDRESS=":9000" \
     RUSTFS_SINKS_FILE_PATH="/logs"
 
 EXPOSE 9000 9001
+
 VOLUME ["/data", "/logs"]
 
+USER rustfs
+
 ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["rustfs"]