feat: custom PUID/PGID #390

Open
wants to merge 1 commit into
base: master

Conversation

adripo
Contributor

@adripo adripo commented Nov 3, 2022

fix: #362

@AnalogJ
Owner

AnalogJ commented Nov 5, 2022

hey @adripo
Thanks for the PR! 🥳

However I'm not quite sure this will work as intended.

  • we should name our user scrutiny rather than abc
  • /config doesn't exist in Scrutiny. Our home dir should be /home/scrutiny
  • the main problem is: the scrutiny-web, scrutiny-collector and influxdb processes will still run as root, not the new abc/scrutiny user.

Hope that all makes sense, could you make those changes? Thanks again!

@adripo
Contributor Author

adripo commented Nov 6, 2022

Hi @AnalogJ, I just added the script in a hurry, but I am now working on different issues in this project so I will check all the points that you raised. I agree with your suggestions, but I have one doubt. If I run the main process with the new scrutiny user you will never be able to run it as root anymore because you cannot set id 0 to a different user, right?

@AnalogJ
Owner

AnalogJ commented Nov 6, 2022

We wouldn't start the main process (s6-overlay) with root, instead we would just start the child process as scrutiny.

One other thing I forgot to mention (that complicates this even further) is that smartctl needs to run as root from what I remember, even within the container.

So only the webapp and influxdb processes can be changed to run under the scrutiny user

@AnalogJ
Owner

AnalogJ commented Nov 6, 2022

Here's an old example for how to update the service files to run as a (non-root) user - just-containers/s6-overlay#207

@EkilDeew

EkilDeew commented Apr 20, 2023

> One other thing I forgot to mention (that complicates this even further) is that smartctl needs to run as root from what I remember, even within the container.

You could just add the sudo package and allow the scrutiny user to only use smartctl as sudo, i.e. (in the sudoers file or another file under /etc/sudoers.d):

scrutiny ALL = (ALL) NOPASSWD:/bin/smartctl
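
The split AnalogJ describes above (the collector stays root for smartctl, the web app and influxdb drop to the scrutiny user), as an added example that is not code from the PR or from anyone in the thread. The groupmod/usermod remap, the DATA_DIRS placeholder paths, the DRY_RUN switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the PR. Assumptions: the "scrutiny" user and
# group already exist in the image; DATA_DIRS holds placeholder paths.
RUN_USER=scrutiny
DATA_DIRS="${DATA_DIRS:-/path/to/config /path/to/influxdb-data}"

# Accept only a plain decimal id so a crafted PUID/PGID cannot carry options
# or shell syntax. 0 is rejected here (this example's choice): the point is
# to move these services off root.
valid_id() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 10 ] && [ "$1" -le 4294967294 ]
}

# With DRY_RUN=1, print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Init step, run as root before any service starts: point the scrutiny
# user/group at PUID/PGID, then hand it the data directories.
remap_user() {
    if ! valid_id "${PUID:-}" || ! valid_id "${PGID:-}"; then
        echo "PUID/PGID must be non-zero decimal ids" >&2
        return 1
    fi
    run groupmod -o -g "$PGID" "$RUN_USER" || return 1
    run usermod -o -u "$PUID" "$RUN_USER" || return 1
    for d in $DATA_DIRS; do
        run chown -R "$RUN_USER:$RUN_USER" "$d" || return 1
    done
}

# Service step: the collector keeps root because it calls smartctl; the web
# app and influxdb are started through s6-setuidgid as the scrutiny user.
# A real s6 run script would exec the final command instead of calling it.
start_service() {
    svc=$1; shift
    case "$svc" in
        collector)    run "$@" ;;
        web|influxdb) run s6-setuidgid "$RUN_USER" "$@" ;;
        *) echo "unknown service: $svc" >&2; return 1 ;;
    esac
}
```

Setting DRY_RUN=1 prints the planned commands, which makes it possible to review what a given PUID/PGID pair would change before running the init step as root.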

Successfully merging this pull request may close these issues.

[BUG] Permissions of Influxdb folder do not follow PUID/PGID set in the docker-compose file
3 participants