Wirecloud / docker-wirecloud

🐳 Docker Official Image packaging for WireCloud https://conwet.fi.upm.es/wirecloud
Other
8 stars 14 forks source link

Mitigate file permissions problems on volumes #10

Closed aarranz closed 6 years ago

aarranz commented 6 years ago

Docker already provides isolation, so running wirecloud inside docker images using a wirecloud user does not make sense. Moreover, it is a source of problems due file permissions (usually on volumes).

rockneurotiko commented 6 years ago

Actually if you can avoid that, you shouldn't use root for docker images, they don't run in full isolation:

https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b

aarranz commented 6 years ago

Thanks for your advice @rockneurotiko!

I think then, that te best option is to improve the image to mitigate all those file permissions usually happen on volumes.