Merge pull request #7365 from NixOS/fix-6979-nobody-user-in-docker

Add nobody user/group to Nix docker image
author: Eelco Dolstra <edolstra@gmail.com> 2022-11-29 11:43:31 +0100
committer: GitHub <noreply@github.com> 2022-11-29 11:43:31 +0100
commit: f904f6a66f2fea3d6a9498dd47284aa8c16fb26d (patch)
tree: 69d168124808dea1f55d2fed1c38214bc6c4c24d
parent: af8a32143b81332553984fae1a6773333304eecb (diff)
parent: 46a6be28bef45640de5344a09d56add7068a9aa4 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/docker.nix b/docker.nix
index bb2b4e7ff..203a06b53 100644
--- a/docker.nix
+++ b/docker.nix
@@ -36,6 +36,17 @@ let
       shell = "${pkgs.bashInteractive}/bin/bash";
       home = "/root";
       gid = 0;
+      groups = [ "root" ];
+      description = "System administrator";
+    };
+
+    nobody = {
+      uid = 65534;
+      shell = "${pkgs.shadow}/bin/nologin";
+      home = "/var/empty";
+      gid = 65534;
+      groups = [ "nobody" ];
+      description = "Unprivileged account (don't use!)";
     };
 
   } // lib.listToAttrs (
@@ -57,6 +68,7 @@ let
   groups = {
     root.gid = 0;
     nixbld.gid = 30000;
+    nobody.gid = 65534;
   };
 
   userToPasswd = (
author	Eelco Dolstra <edolstra@gmail.com>	2022-11-29 11:43:31 +0100
committer	GitHub <noreply@github.com>	2022-11-29 11:43:31 +0100
commit	f904f6a66f2fea3d6a9498dd47284aa8c16fb26d (patch)
tree	69d168124808dea1f55d2fed1c38214bc6c4c24d
parent	af8a32143b81332553984fae1a6773333304eecb (diff)
parent	46a6be28bef45640de5344a09d56add7068a9aa4 (diff)