running hbbs and hbbr as a simple user is indeed a good idea.
We can do this in 2 way:
1 - run s6 as root and run the services as a normal user
2 - run the whole container as an unprivileged user
The advantage of the first solution is that we can define 2 ENV variables (PGID and PUID) and define user and group ID to use to run the binaries, the downside is that the s6 part of the container is still running as root.
ref. https://github.com/rustdesk/rustdesk-server/issues/424
running hbbs and hbbr as a simple user is indeed a good idea.
We can do this in 2 way: 1 - run s6 as root and run the services as a normal user 2 - run the whole container as an unprivileged user
The advantage of the first solution is that we can define 2 ENV variables (PGID and PUID) and define user and group ID to use to run the binaries, the downside is that the s6 part of the container is still running as root.
The advantage of the second solution is obvious: everything is run with user privileges.
@rustdesk, your opinion?