add a placeholder for a bit on nonroot user

hjwp · hjwp · commit 36c3d057fc2a · 2024-04-04T23:10:01.000+01:00
diff --git a/chapter_10_production_readiness.asciidoc b/chapter_10_production_readiness.asciidoc
@@ -660,6 +660,21 @@ $ *git commit -am "Add collectstatic to dockerfile, and new location to gitignor
 ----
 
 
+=== Switching to a nonroot user
+
+TODO: this is definitely a good idea for security, needs writing up.
+
+Dockerfile should gain some lines a bit like this:
+
+.Dockerfile (ch10l0XX)
+====
+[source,dockerfile]
+----
+RUN addgroup --system nonroot && adduser --system --group nonroot
+
+USER nonroot
+----
+
 
 
 === Configuring logging
