Closed svasek closed 1 year ago
jbergstroem
commented
2 years ago It's always better to run an application under unprivileged user instead of root ;-)
You're not wrong. I think I attempted to do this a good while back but ran into two issues regarding backwards compatability and certain permission concerns. It seems I didn't document it well enough.
Very open to landing it if you can help me build confidence in a seamless upgrade path for all users.
svasek
commented
2 years ago Hi @jbergstroem, What issues have you ran into? I've tested it and it seems it works well. How can I help you?
jbergstroem
commented
2 years ago What issues have you ran into?
Since existing users will have different ownership of files, this needs to be handled. This applies to configs, user storage and so on. Needs proper testing and likely a "upgrade path".
jbergstroem
commented
2 years ago Gonna be testing this a bit now; I think with the recursive ownership it should be safe.
jbergstroem
commented
2 years ago @svasek have tested this pretty extensively now. I don't have a test suite to cover all of this, but I will be writing one test to make sure that the image is not root.
jbergstroem
commented
1 year ago @svasek the problem is that we cant install the mysql client required to import scripts (easier to find with new test suite). Few options:
jbergstroem
commented
1 year ago I'm gonna close this for now - happy to reopen if we for instance choose to embed a cli that can import data within a reasonable file size increase range.
It's always better to run an application under unprivileged user instead of root ;-)