Starting app as unprivileged user #8
Comments
|
yabawock/buildstep@8b47bc0 makes this part of the created image - I'm not wild about that approach. On the other hand, using root within the container to create a non-privileged user does seem like the only viable way. So yeah maybe this is an aspect of building. So, to recap:
Really, since it seems like the only user that can reliably jump cross-container boundaries, without specific foresight within the container regarding the uids and all, is root, it seems like the user-inside-the-container route is the only viable way to go. As such, it wouldn't be up to this plugin (this plugin can just keep executing with whatever user Docker decides). |
|
And hey, maybe a future Plushu builder will use Dockerfiles or whatever to build app containers, and then it can set the default user, or use some mechanism like that (is it a flag on Anyway, non-privileged users are something within containers, and as such the mechanism by which they are configured should be left up to the build step. |
progrium/buildstep#109 indicates there's some issue in PHP caused by running the apps as root (under "Known Quirks"), and that Heroku doesn't run apps as root.
This plugin could conceivably be altered to not run apps as root (although that would break enter-sandbox, so there'd have to be some thought around how to fix that).
The text was updated successfully, but these errors were encountered: