Docker root user


What is a root user?

Linux features a user system that can be used to delegate permissions by assigning different levels of access to users and groups, allowing for fine-grained control over file and system operations.

By default, Docker containers (which Rivet uses to run your game) run as the root user. This can potentially expose the host system to security vulnerabilities, as the root user has full administrative privileges and can perform any operation on the system. This is particularly risky in a Docker environment, where containers often need to interact with the host system.

To mitigate these risks, it's advisable to create and run containers with a non-root user. This follows the principle of least privilege, in which a user is given the minimum level of access necessary to perform their tasks. It significantly enhances the security of the system because it limits the potential damage that can result from errors or malicious actions.


How do I run my Docker container as a non-root user?

Here are some examples of how you might add a non-root user to your Dockerfile for various Linux distros. You can replace server with any username you like.

Dockerfile

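FROM ubuntu

WORKDIR /app
COPY . .

# Create an unprivileged user and switch to it. Every instruction after
# USER, and the container's main process, runs as this user.
RUN useradd server
USER server

# run.sh was copied into /app (the WORKDIR), which is not on PATH, so it is
# called by relative path. The script must be executable.
CMD ./run.sh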
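
A check that could run in CI to confirm a Dockerfile ends up on a non-root user, as an added example that is not part of the original page or of Rivet's tooling. The function names and sample files are constructed for illustration, and it assumes the base image does not set USER itself (true for ubuntu), so a stage with no USER instruction runs as root.

```shell
#!/bin/sh
# Added example: report which user a Dockerfile's final stage runs as.
# Assumption: the base image does not set USER, so the default is root.

# Print the user in effect at the end of the final build stage.
dockerfile_final_user() {
    awk '
        BEGIN { user = "root" }
        /^[ \t]*#/ { next }                        # skip comment lines
        { instr = toupper($1) }                    # instructions are case-insensitive
        instr == "FROM" { user = "root" }          # every stage starts over as root
        instr == "USER" && NF >= 2 { user = $2 }   # the last USER in a stage wins
        END { print user }
    ' "$1"
}

# Return 0 if the final stage runs as a non-root user, 1 otherwise.
check_nonroot() {
    user=$(dockerfile_final_user "$1")
    name=${user%%:*}                               # drop an optional ":group" suffix
    case "$name" in
        root|0) echo "FAIL: $1 runs as root ($user)"; return 1 ;;
        *)      echo "OK: $1 runs as $user"; return 0 ;;
    esac
}

# Constructed sample Dockerfiles; "good" follows the Dockerfile above.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'FROM ubuntu\nWORKDIR /app\nCOPY . .\nRUN useradd server\nUSER server\nCMD ./run.sh\n' > "$demo_dir/good"
printf 'FROM ubuntu\nWORKDIR /app\nCOPY . .\nCMD ./run.sh\n' > "$demo_dir/no_user"
# USER set only in the build stage does not carry into the final stage.
printf 'FROM ubuntu AS build\nUSER server\nFROM ubuntu\nCOPY --from=build /app /app\n' > "$demo_dir/multistage"
# A later USER instruction switches back to root by numeric ID.
printf 'FROM ubuntu\nUSER server\nuser 0:0\n' > "$demo_dir/reset_to_root"

for f in good no_user multistage reset_to_root; do
    check_nonroot "$demo_dir/$f" || true
done
```

A USER value given as a build argument or environment variable cannot be resolved by this static check and is reported as non-root, so such Dockerfiles still need a runtime check of the container's user ID.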


© 2024 Rivet Gaming, Inc. All rights reserved.