Closed nzin-appdirect closed 6 years ago
The root group thing was done to make container work in OpenShift clouds (Official guidelines).
AFAIK root group is not privileged, but it could be beneficial to remove unnecessary privileges.
Ok, so we cannot remove the root group? :-) (i have to admit, keeping root group is counter intuitive...)
If you don't want to create special image only for OpenShift or do some nasty hacks, then no. At least that is how I understand it.
ok, I will close the ticket then. I dont want to do ugly hack anywhere! ;-)
In the current Dockerfile, user www-data belongs to root group. When using a security scanner on docker image, CachetHQ raise alarm because operations are done with root group. I think it is not a good practice, so I created this PR. And test it locally But I was not able to make
make test
working properly (on my local Mac)