Merge pull request #7365 from NixOS/fix-6979-nobody-user-in-docker

Add nobody user/group to Nix docker image
NixOS · Nov 29, 2022 · f904f6a · f904f6a
2 parents af8a321 + 46a6be2
commit f904f6a
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/docker.nix b/docker.nix
@@ -36,6 +36,17 @@ let
       shell = "${pkgs.bashInteractive}/bin/bash";
       home = "/root";
       gid = 0;
+      groups = [ "root" ];
+      description = "System administrator";
+    };
+
+    nobody = {
+      uid = 65534;
+      shell = "${pkgs.shadow}/bin/nologin";
+      home = "/var/empty";
+      gid = 65534;
+      groups = [ "nobody" ];
+      description = "Unprivileged account (don't use!)";
     };
 
   } // lib.listToAttrs (
@@ -57,6 +68,7 @@ let
   groups = {
     root.gid = 0;
     nixbld.gid = 30000;
+    nobody.gid = 65534;
   };
 
   userToPasswd = (