Closed graste closed 5 years ago
I wasn't familiar with runuser, but it appears to stay resident:
$ docker run -it --rm buildpack-deps:buster-scm runuser --preserve-environment --user nobody -- ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 6116 2492 pts/0 SNs+ 00:11 0:00 runuser --prese
nobody 6 0.0 0.0 7636 2684 pts/0 RN+ 00:11 0:00 ps aux
Also, from https://manpages.debian.org/buster/util-linux/setpriv.1.en.html (speaking of setpriv, which also comes from util-linux):
In comparison to su(1) and runuser(1), setpriv(1) neither uses PAM, nor does it prompt for a password. It is a simple, non-set-user-ID wrapper around execve(2), and can be used to drop privileges in the same way as setuidgid(8) from daemontools, chpst(8) from runit, or similar tools shipped by other service managers.
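As an added example (not code from the gosu project or from either participant in this thread), the POSIX sh script below first parses the `ps aux` lines quoted above to check whether the wrapper stayed resident as PID 1, then reproduces the fork-versus-exec difference with plain sh so the behaviour can be seen without runuser or gosu installed. The function names `pid1_command`, `wrapper_resident` and `wrapper_demo` are my own.

```shell
#!/bin/sh
# Added example (not from the gosu project or this thread): tell a wrapper
# that fork()s the command (stays resident, like runuser above) from one
# that exec()s it (replaces itself, like gosu or setpriv), first by parsing
# ps output and then by reproducing the difference with plain sh.

# Constructed sample: the runuser `ps aux` output quoted in the thread.
PS_SAMPLE='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 6116 2492 pts/0 SNs+ 00:11 0:00 runuser --prese
nobody 6 0.0 0.0 7636 2684 pts/0 RN+ 00:11 0:00 ps aux'

# pid1_command PS_TEXT: first word of the COMMAND column for PID 1.
pid1_command() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == 1 { print $11; exit }'
}

# wrapper_resident PS_TEXT WRAPPER: succeeds when WRAPPER is still PID 1,
# i.e. it forked the command as a child instead of exec()ing it.
wrapper_resident() {
    [ "$(pid1_command "$1")" = "$2" ]
}

# wrapper_demo exec|fork: an outer sh plays the wrapper, an inner sh the
# command. The inner sh compares its own PID with the outer's: equal means
# the wrapper was replaced (exec), different means it stayed resident (fork).
# The trailing `true` in the fork case stops shells such as dash and bash
# from exec()ing the last command of a -c string on their own.
wrapper_demo() {
    if [ "$1" = exec ]; then
        sh -c 'outer=$$; exec sh -c "[ \$\$ -eq $outer ] && echo replaced || echo resident"'
    else
        sh -c 'outer=$$; sh -c "[ \$\$ -eq $outer ] && echo replaced || echo resident"; true'
    fi
}

# Walk through the sample and the live demo when run directly.
if wrapper_resident "$PS_SAMPLE" runuser; then
    echo "runuser is still PID 1; the command ran as a child process"
fi
echo "exec-style wrapper: $(wrapper_demo exec)"   # replaced
echo "fork-style wrapper: $(wrapper_demo fork)"   # resident
```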
I'm wondering what the difference is between using "runuser" in entrypoint scripts and using "gosu"? It's not mentioned in the "alternatives" section of the README and I'm curious. :-)
Thanks for your work!