add security section to readme file

better this way
2024-12-14 11:56:31 +01:00 · 2024-12-14 11:54:09 +01:00
2 changed files with 14 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -290,13 +290,23 @@ or use Dotclear buitin update system but themes wiil not be updated.
 * Add mail support.


-### 5. CONTRIBUTING
+### 5. SECURITY
+
+* Nginx master process runs as root and set uid/gid to user www
+* PHP-FPM master process runs as root and set uid/gid to user www
+* Docker image entrypoint runs as root and set runuser to www at its end
+* Dotclear application files are chown to user www
+
+For security report see [SECURITY file](/SECURITY.md) or open a ticket on github repository.
+
+
+### 6. CONTRIBUTING

 This image is an open source project. If you'd like to contribute, please read the [CONTRIBUTING file](/CONTRIBUTING.md).
 You can submit a pull request, or feel free to use any other way you'd prefer.


-### 6. LICENSE
+### 7. LICENSE

 Copyright Jean-Christian Paul Denis
 AGPL-v3 <https://www.gnu.org/licenses/agpl-3.0.html>
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -99,4 +99,5 @@ echo >&2 '└──'
 php-fpm84 -D # FPM must start first in daemon mode
 nginx # Then nginx in no daemon mode

-exec su - www -c "$*"
+# Switch from user root to wwww
+exec runuser -u www "$@"
Author	SHA1	Message	Date
Jean-Christian Denis	7af8fdf898	add security section to readme file	2024-12-14 11:56:31 +01:00
Jean-Christian Denis	19f8849420	better this way	2024-12-14 11:54:09 +01:00