Closed H2so4 closed 4 years ago
Hi thanks for your feedback. I don't want to change the default and break existing deployments of this role.
Fortunately its a default so just override with host var, group var, environment, or playbook var.
Hi,
I understand that you don't want to change the default for that. Though, I'd suggest to add a note in the README that warns about that fact. It might cause a lot of strange errors if the primary group of root isn't root
anymore. Any files created by the root user will be owned by the bin
group which might pose security risks depending on the umask. People will not immediately notice the primary group of root has been changed!
I can open a new issue for that discussion if you want.
nomad_user
user is set toroot
andnomad_group
is set tobin
by default. Therefore, the code below will change the primary group for theroot
user tobin
.This caused an issue with
snap
in my lab server because when I installedmicrok8s
the commands failed with the following errorTook a while to figure out that the error above was caused because the GID for the root user was not
0
. After setting the group for theroot
user back toroot
(gid0
) the issue was resolved.The following shows how
snap
throws the error above whenuid
andgid
are not0
. https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/snap-confine.c#L503-L506Proposal: Set
nomad_user
tonomad
instead ofroot
by default.