RouHim / beammp-container-image

A container image to run a BeamMP server.
GNU General Public License v3.0
48 stars, 11 forks

PUID+PGID and TZ support? #62

Closed wreckedcarzz closed 7 months ago

wreckedcarzz commented 7 months ago

Hello!

Can I request that support for these environment variables be added? I want to run the container as a non-privileged user (safety); and the datestamps are all in UTC for me, which isn't ideal. I've tried adding those common env vars to no effect.

Thanks!

RouHim commented 7 months ago

Hello @wreckedcarzz, thank you for your feature request. The container already runs as a non-root user; are you facing any permission issues? +1 for the timezone configuration.

wreckedcarzz commented 7 months ago

Hi! No issues, but the container runs under my personal account, which does have sudo capabilities. I set up an account specifically for docker containers that has no access beyond /opt/docker and running various containers, so if anything got in and broke out of the container, the worst it could do is trash my volumes/binds, and I can just restore from backup (if I understand that correctly).

I'm new to Linux (VPS) admin, though not new to Linux, and so I'm using some web UI tools to help me along; according to Webmin's running processes tab, all BeamMP containers are running on my personal account. I could be wrong, but it is my understanding that the user who starts the container (unless overridden) is what determines the permissions the container has available. I have a couple of other containers that require root, and I have them overridden with PGID/PUID, and they are running as root as intended. I have a NAS at home and I have most containers running with a similar docker-only user, so I am assuming I understand all this correctly.

Just trying to allow the least amount of permissions for all my containers (and trying to learn system admin stuff). :)

RouHim commented 7 months ago

Yeah, I think you are mixing up the permissions inside the container and the permissions the container runtime on your machine has. If you have a container that needs elevated permissions on your host, your container runtime needs to support that. If the container does not require any permissions on the host system and cannot access it in any way, you do not have to worry about the container runtime on your machine. Just watch out for host-invasive permissions like docker privileged mode.

As a tip, have a look at podman, which is by design a non-root container runtime ;)

wreckedcarzz commented 7 months ago

I looked at podman a few months ago, as I like the daemon not needing root, but most software devs only have steps for docker deployment. I've read it is theoretically a 1:1 system, but in reality I've read posts where there are odd quirks and it's often just a matter of knowing how to work around them; I'm not confident that I have the knowledge yet to do that. >.<;

RouHim commented 7 months ago

TZ feature is implemented and can be used.
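To tie the two threads together (the in-container vs. host permission distinction RouHim describes, and the TZ variable that is now supported), here is an added docker-compose example. It is not part of the beammp-container-image project or this issue; the image name `rouhim/beammp-server`, the container data path `/beammp`, the port `30814` and the UID `1001` are assumptions, so check them against the project's README before use. Because the image does not implement PUID/PGID (the thread confirms it already runs as non-root), the runtime-level `user:` key is used to pin the UID/GID instead, and the host-invasive settings the maintainer warns about are called out in comments so they are not copied in by accident.

```yaml
# Added example, not from the beammp-container-image project.
# Image name, data path, port and UID are assumptions; adjust to the README.
services:
  beammp:
    image: rouhim/beammp-server        # ASSUMED image name
    # Override the in-container UID:GID without needing PUID/PGID support.
    # The bind mount below must be owned by this UID on the host, e.g.
    #   sudo chown -R 1001:1001 /opt/docker/beammp
    # otherwise the server cannot write its config/logs.
    user: "1001:1001"
    environment:
      TZ: America/Los_Angeles          # TZ support is confirmed in this thread
    ports:
      - "30814:30814/tcp"              # ASSUMED default BeamMP server port
      - "30814:30814/udp"
    volumes:
      - /opt/docker/beammp:/beammp     # container-side path is an ASSUMPTION
    # Defence in depth: no privilege escalation, no Linux capabilities.
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    restart: unless-stopped
    # Do NOT add any of the following for a game server; they are the
    # "host-invasive" settings the maintainer warns about:
    #   privileged: true
    #   network_mode: host
    #   volumes: [ /:/host, /var/run/docker.sock:/var/run/docker.sock ]
```

After `docker compose up -d`, confirm the effective identity and the absence of privileged mode with `docker inspect -f '{{.Config.User}} privileged={{.HostConfig.Privileged}}' <container>` and `docker exec <container> id`; the first should print `1001:1001 privileged=false` and the second should show uid 1001. Which host account launched the container (what Webmin displays) is a property of the Docker daemon and its socket, not of the process inside the container, which is why PUID/PGID had no visible effect.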