Run exaslct without root in the container #32

Open
tomuben opened this issue Jun 2, 2021 · 0 comments
Labels
feature Product feature

Comments

Collaborator

tomuben commented Jun 2, 2021

Avoid running build of script languages container as root.
The container needs to run temporarily as root in order to create user and groups.
After that, root access is not needed and may cause problems.
A potential way could be to first create a group with the same gid as is set for the docker socket and then create a user with the same uid as the caller and add it to the created group. After that, we drop the root user with su to the created user and call exaslct. This way the user can access the docker socket, but isn't root and writes files with the same uid as the caller. We might need to add the user to additional groups, basically all active groups of the caller, such that he can access files or directories of the respective groups. Note: We can't change the owner or group of the docker socket, because we would change it on the host as well.

@tkilias tkilias added the feature Product feature label Jun 2, 2021
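
The procedure proposed in the issue, sketched as a container entrypoint. This is an added example, not exaslct's own code and not written by the issue author; the variables `CALLER_UID`, `CALLER_GIDS`, `DOCKER_SOCK` and `DRY_RUN`, the `hostgrp<gid>` group names and the `exaslct_user` account are assumptions, and it covers all of the caller's groups rather than only the socket group.

```shell
#!/bin/sh
# Added example, not exaslct code. Hypothetical inputs from the wrapper that
# starts the container: CALLER_UID, CALLER_GIDS (space separated, primary gid
# first), DOCKER_SOCK (path of the mounted socket). DRY_RUN=1 only prints.

run() {  # execute a command, or just print it when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

group_for_gid() {  # name of the group with gid $1 in group file $2, if any
    awk -F: -v gid="$1" '$3 == gid { print $1; exit }' "$2"
}

ensure_group() {  # set GROUP_NAME for gid $1; create the group if it is missing
    GROUP_NAME=$(group_for_gid "$1" "$2")
    if [ -z "$GROUP_NAME" ]; then
        GROUP_NAME="hostgrp$1"            # constructed name, an assumption
        run groupadd -g "$1" "$GROUP_NAME"
    fi
}

# $1 caller uid, $2 caller gids, $3 gid of the docker socket,
# $4 command line to run as the new user, $5 group file (default /etc/group)
drop_root_and_run() {
    uid=$1; gids=$2; sock_gid=$3; cmd=$4; group_file=${5:-/etc/group}
    if [ "$uid" = 0 ]; then
        echo "caller uid is 0: there is no unprivileged user to drop to" >&2
        return 1
    fi
    names=""; seen=" "
    for gid in $gids $sock_gid; do
        case "$seen" in *" $gid "*) continue ;; esac   # socket gid may repeat
        seen="$seen$gid "
        ensure_group "$gid" "$group_file"
        names="${names:+$names,}$GROUP_NAME"
    done
    # The first group is the primary one; listing it again in -G is harmless.
    run useradd -M -u "$uid" -g "${names%%,*}" -G "$names" exaslct_user
    run su exaslct_user -c "$cmd"         # exaslct itself runs without root
}

# Entry point: only acts when the wrapper supplied the caller's identity.
if [ -n "${CALLER_UID:-}" ]; then
    drop_root_and_run "$CALLER_UID" "$CALLER_GIDS" \
        "$(stat -c %g "$DOCKER_SOCK")" "$*"
fi
```

A gid that already belongs to a group in the image is reused by name instead of being created again, and the socket itself is never chowned, so nothing changes on the host.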