Closed svasek closed 1 year ago
It's always better to run an application under unprivileged user instead of root ;-)
You're not wrong. I think I attempted to do this a good while back but ran into two issues regarding backwards compatability and certain permission concerns. It seems I didn't document it well enough.
Very open to landing it if you can help me build confidence in a seamless upgrade path for all users.
Hi @jbergstroem, What issues have you ran into? I've tested it and it seems it works well. How can I help you?
What issues have you ran into?
Since existing users will have different ownership of files, this needs to be handled. This applies to configs, user storage and so on. Needs proper testing and likely a "upgrade path".
Gonna be testing this a bit now; I think with the recursive ownership it should be safe.
@svasek have tested this pretty extensively now. I don't have a test suite to cover all of this, but I will be writing one test to make sure that the image is not root.
@svasek the problem is that we cant install the mysql client required to import scripts (easier to find with new test suite). Few options:
I'm gonna close this for now - happy to reopen if we for instance choose to embed a cli that can import data within a reasonable file size increase range.
It's always better to run an application under unprivileged user instead of root ;-)