Drop Root in Dockerfile for Security + Offer to Contribute Helm Chart #761
Description
Hi there,
I'm currently building a Helm chart to run Mailman in Kubernetes, and I have everything working well. I'd love to contribute it back if there's interest.
One major issue I noticed is that the container runs as root by default. For better security, I propose splitting the current docker-entrypoint.sh into two stages:
A docker-root-setup.sh script that runs as root to handle setup tasks (e.g., writing config files).
Then switch to USER 100 and run a modified docker-entrypoint.sh as a non-root user (e.g., mailman).
This approach aligns with container security best practices and would make the image safer to use in production environments.
If you're open to the idea, I’d be happy to help implement this. I can also share the Helm chart I'm building to help others deploy Mailman more easily on Kubernetes.
Let me know your thoughts.
Thanks,
Tim