search

trampgeek / jobeinabox

The dockerfile and doc for building the Docker image JobeInABox
MIT License
12 stars 29 forks source link

Make container runnable as non root user #18

Closed slaudel closed 6 months ago

slaudel commented 6 months ago

Hi there,

as I want to move the jobe container in to our Kubernetes cluster, the container needs to run as non root user. Would it be possible to change the image, to be run as non root?

trampgeek commented 6 months ago

Short answer: no. Jobe runs multiple jobs at once, each running as a different user in a different workspace. Setting this up requires root access.

Jobe was initially designed to run on a separate server, without containerisation. If you were designing jobe to run only in a container, other designs that did not require Jobe access would be possible. For example, each Jobe container could be restricted to run only a single job at a time, and you could configure CodeRunner to use multiple such containers. But this is a major redesign.