apps in container should not run as root #511

Open
baszoetekouw opened this issue Apr 29, 2024 · 2 comments
@baszoetekouw
Member

No description provided.

@mrvanes
Contributor

mrvanes commented Jun 17, 2024

https://www.howtogeek.com/devops/why-processes-in-docker-containers-shouldnt-run-as-root/

Do we want:

  • Specify USER in our Dockerfiles or
  • Specify user on container run?
  • All containers mapped to one well-known user on the host or
  • Different user for all containers?
  • Align with Bart?

@mrvanes mrvanes moved this from Todo to In progress in SRAM development Jun 17, 2024
@mrvanes
Contributor

mrvanes commented Jun 24, 2024

Mental notes:

  • User needs to exist in container's /etc/passwd, so useradd in Dockerfile is required
  • Container uid/gid is used for file access on host, so they need to be synced, at least for writing.

To accomplish this, /etc/passwd, /etc/group, /etc/shadow (and /home/{user}?) can be volume mounted to the container. Would that suffice?

@mrvanes mrvanes moved this from In progress to Icebox in SRAM development Jul 7, 2024
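
One way to cover both notes from the last comment (the account must exist in the container's /etc/passwd, and its uid/gid must match the host owner of writable mounts) without mounting the host's /etc/passwd, /etc/group or /etc/shadow into the container. This is an added example, not part of the thread or the project's own Dockerfiles; the base image, the `app` account, the `/opt/app` and `/var/lib/app` paths and the id `10001` are assumptions.

```dockerfile
# Added example: base image, account name, paths and ids are assumptions.
FROM debian:bookworm-slim

# Build-time ids, so the container account can be given the same uid/gid as
# the host account that owns the bind-mounted directories (constructed defaults).
ARG APP_UID=10001
ARG APP_GID=10001

# Create the account inside the image so it exists in the container's own
# /etc/passwd and /etc/group, with no home directory and no login shell.
RUN groupadd --gid "${APP_GID}" app \
 && useradd --uid "${APP_UID}" --gid app --no-create-home \
            --home-dir /nonexistent --shell /usr/sbin/nologin app

# Code stays root-owned and read-only for the app; only the data directory,
# the intended bind-mount target, is writable by the unprivileged account.
COPY --chown=root:root app/ /opt/app/
RUN install -d -o app -g app -m 0750 /var/lib/app

# From here on, including the running process, everything is non-root.
USER app:app
WORKDIR /opt/app
ENTRYPOINT ["/opt/app/run"]
```

Passing `--build-arg APP_UID=... --build-arg APP_GID=...` at build time aligns the ids with the host directory owner. `docker run --user uid:gid` can still override the image's `USER` per container, but a numeric uid that is not in the image's /etc/passwd runs without a user name.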
Projects
Status: Icebox