From 23685020e633ba41f12d9d6fa415b4f61d353189 Mon Sep 17 00:00:00 2001
From: RinZ27 <222222878+RinZ27@users.noreply.github.com>
Date: Fri, 30 Jan 2026 22:36:45 +0700
Subject: [PATCH] chore: run container as non-root user

---
 .../other-3000a7752c41a4776f985fed358751406c3f5f29.json   | 7 +++++++
 Dockerfile                                                | 8 +++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 .changes/next-release/other-3000a7752c41a4776f985fed358751406c3f5f29.json

diff --git a/.changes/next-release/other-3000a7752c41a4776f985fed358751406c3f5f29.json b/.changes/next-release/other-3000a7752c41a4776f985fed358751406c3f5f29.json
new file mode 100644
index 00000000000..58ab56e5bb2
--- /dev/null
+++ b/.changes/next-release/other-3000a7752c41a4776f985fed358751406c3f5f29.json
@@ -0,0 +1,7 @@
+{
+  "type": "other",
+  "description": "Run container as non-root user",
+  "pull_requests": [
+    "[#2934](https://github.com/smithy-lang/smithy/pull/2934)"
+  ]
+}
diff --git a/Dockerfile b/Dockerfile
index c31beab9205..4992f070a5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -42,4 +42,10 @@ RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
 RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf
 ENV JAVA_TOOL_OPTIONS=-Dfile.encoding=UTF8
 
-ENTRYPOINT [ "/smithy/bin/smithy" ]
+# Add a non-root user and set permissions
+RUN useradd -m smithy && \
+    chown -R smithy:smithy /smithy
+
+USER smithy
+
+ENTRYPOINT [ "/smithy/bin/smithy" ]
\ No newline at end of file