refactor(claude): use built-in node user instead of custom claude user

Drop the addgroup/adduser layer entirely. node:20-alpine already ships
a node user at uid/gid 1000. Update chown and USER directives, and
update the claude-config volume mount path to /home/node/.claude.
docker-claude 2026-04-14 22:50:59 +02:00
parent 0800e4a084
commit 1c489f8636
4 changed files with 12 additions and 16 deletions

@ -30,8 +30,8 @@ Runs [Claude Code](https://claude.ai/code) inside an isolated Docker environment
└──────────────────────────────────────────────────────────┘
```
- **`claude`** — Claude Code CLI (`node:20-alpine`), UID 1000, on `claude-internal` only
- **`webui`** — Claude Code in a browser terminal via ttyd (`node:20-alpine`), UID 1000, on `claude-internal` only, port 7681
- **`claude`** — Claude Code CLI (`node:20-alpine`), runs as the built-in `node` user (UID 1000), on `claude-internal` only
- **`webui`** — Claude Code in a browser terminal via ttyd (`node:20-alpine`), `node` user (UID 1000), on `claude-internal` only, port 7681
- **`proxy`** — Squid forward proxy (`alpine:3.21`), bridges `claude-internal` ↔ internet with egress allowlist
- **`claude-internal`** — `internal: true`; no default gateway, containers cannot reach the internet directly
- **`proxy-external`** — Standard bridge; proxy sidecar only
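
Review bot: the rewritten `claude` and `webui` bullets now rest the non-root claim on the `node` account shipped in `node:20-alpine`, which is a mutable tag, so "UID 1000" is an upstream property rather than something this repository sets. Consider pinning the base image by digest, or adding a build step that fails unless `id -u node` prints 1000, so the README statement stays true after a base-image update. The two bullets also word the same fact differently ("runs as the built-in `node` user (UID 1000)" vs. "`node` user (UID 1000)"); use one phrasing for both.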
@ -161,7 +161,7 @@ Rebuild after changes:
| Control | claude / webui | proxy |
|---|---|---|
| Non-root user | UID 1000 (`claude`) | `squid` user |
| Non-root user | UID 1000 (`node`, built into base image) | `squid` user |
| `no-new-privileges` | yes | yes |
| All capabilities dropped | yes | yes |
| Direct internet access | no (`internal` network only) | allowlisted only |
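
Review bot: in the `Non-root user` row, "(`node`, built into base image)" says where the account comes from but not what makes the container run as it; with the addgroup/adduser layer gone, the control depends entirely on the `USER` directive the commit message mentions. Suggest naming that in the cell (for example "`USER node`, UID 1000"). Separately, the commit message moves the claude-config mount to /home/node/.claude, and neither README hunk shown here tells existing users about the path change; an upgrade note next to "Rebuild after changes" would cover it.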