Closed leveryd closed 8 months ago
Thanks, give is some time to check upstream to see why this doesn't work as expected.
TBH, it doesn't really make sense to me to set USER
at start time. If at all, then USER
should be a build parameter. If we'd want to support setting the user at start time we would have to do the following:
Not only would we likely open up some security holes, this would have to happen at ever start. I don't think it's a good idea. If, however, the purpose is solely to run as root, we could change the variable to "RUN_AS_ROOT", although I don't see why that would make sense either.
We also wanted to switch to the unprivileged image anyway.
My proposal: drop support setting the USER
(the USER
environment variable can still be overwritten by setting it). I would also drop it for httpd. Setting the user may make sense in a classical environment but it doesn't make sense to me in containers.
You are right @theseion. For nginx we don't user the USER
variable at all. It should be set aroud here.
Regarding the proposal, probably it makes sense to drop support for the USER anyway.
I have set USER=root , but the nginx process user is still nginx.