[RFC] Do not use root as default user [WIP] #307
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
sounds ok, but the app user should be used more in some contexts. |
|
e.g. if running a PHP script as build user, then that PHP script and it's dependencies has write access to the code |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Connecting to containers as root causes issues with permissions when using cp-remote to sync files, or running commands without realising.
If the build user were to be connected to instead, file permissions for new files would be correct and commands that would create new files in the wrong places (e.g. cache directories owned by www-data) would fail but not cause a site outage.
Invocations of
containerthat need to do privileged things like install software with apt-get, would have to be re-run assudo containerinstead.This would be a breaking change as if people are using
container setup, for example in a continuous-pipe.yml, they would need to update it to besudo container setup.Either we run container with sudo or we need to go around adding
sudoto all commands we run that expecting to be root.Downstream images will need to switch to root and back again to do their current software installations in their Dockerfiles but we could encapsulate this into container calls as build, e.g.
container install_packages one two threewould dosudo apt-get update; sudo apt-get install one two three; sudo apt-get clean; # etcWhat do you think we should do?