{"id":25255846,"url":"https://github.com/dgl/65532","last_synced_at":"2025-09-07T16:46:17.923Z","repository":{"id":276246127,"uuid":"928687602","full_name":"dgl/65532","owner":"dgl","description":"Images that run as nonroot","archived":false,"fork":false,"pushed_at":"2025-02-07T05:53:33.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-04T14:41:13.310Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-07T03:52:22.000Z","updated_at":"2025-02-07T05:53:37.000Z","dependencies_parsed_at":"2025-02-07T05:22:53.255Z","dependency_job_id":"52a1f254-6c0f-4f22-a985-0750222a6e87","html_url":"https://github.com/dgl/65532","commit_stats":null,"previous_names":["dgl/65532"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2F65532","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2F65532/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2F65532/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2F65532/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dgl","download_url":"https://codeload.github.com/dgl/65532/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415918,"owners_count":20935385,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-12T05:59:54.483Z","updated_at":"2025-04-05T23:45:40.536Z","avatar_url":"https://github.com/dgl.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 65532\n\nWhat? This is the UID of the \"nonroot\" user in Google's\n[distroless](https://github.com/GoogleContainerTools/distroless) images.\n\nSometimes it's useful to have a full image where it has a proper user account\nthat matches this non-root UID.\n\n## Why?\n\n### Running as non-root\n\nIn Kubernetes `runAsNonRoot` is a [good\nidea](https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html).\nIt has some downsides though, many application images can safely run as a\nnon-root user by default, but OS images usually expect a user to customise them\nvia a Dockerfile.\n\nThese are useful to use as an image with [`kubectl\ndebug`](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#ephemeral-container),\namong some other use cases. You probably don't want to base your container on\nthem, just add a non-root user yourself.\n\n### Can't you just set the UID?\n\nSure. Do what you like. The value of this is the image has an actual home\ndirectory which the user owns as well as the UID having an account called\n\"nonroot\".\n\nThe use is mostly for debugging on Kubernetes clusters where you have a\nnamespace configured with the restricted pod security standard that doesn't\nallow root access.\n\n## Using\n\nWith Docker:\n\n```shell\ndocker run -it 65532/debian\n```\n\nWith Kubernetes:\n\n```shell\nkubectl run -it --image=65532/debian test\n```\n\nor more usefully:\n\n```shell\nkubectl debug -it --image=65532/debian:debug --profile=restricted -n namespace pod --target=container\n```\n\n(This needs a version of kubectl that has a restricted profile that matches the\n[restricted PSS](https://github.com/kubernetes/kubernetes/pull/117543), i.e. \u003e=\n1.28. The version of kubectl matters, not the version of any cluster\ncomponents.)\n\nThere are tags matching the codenames of the releases for Debian and Ubuntu,\n`:latest` points at the same place as the upstream tag, as well as a more\nuseful `:debug` [variant](debug/Dockerfile). See also\nhttps://hub.docker.com/u/65532.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgl%2F65532","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdgl%2F65532","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgl%2F65532/lists"}