Security Concern: Running Etherpad as Root User in Docker Compose #7134
Description
I am curious about the rationale behind the current Docker Compose configuration for Etherpad, which explicitly sets the user to "0:0", thereby running the application as the root user inside the container. By default, the Etherpad container operates effectively as the non-root user "etherpad". This explicit setting undermines the security benefits associated with running as a non-root user and introduces risks such as privilege escalation and unrestricted file system access.
I recommend removing the user directive or changing it to the default non-root user "etherpad" in both the Docker Compose file and the proposed compose file included in the README.