You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Next-Gen images were suppose to ship with just a root user. That was the plan.
The security gains by using a regular user with sudo access are irrelevant in the world of Docker because:
With sudo they get root privileges anyway
With passwordless sudo, there's no additional security of a password.
Due to legacy image migration concerns, having sudo around would be useful. I'm not sure if useful enough on its own, but there are CircleCI platform features that expect to see a circleci home directory.
With little negative affect to our images and lots of positive affect for migration, we should reintroduce the circleci user to images.
The text was updated successfully, but these errors were encountered:
Other impact besides sudo is anyone caching directories in user's home are restored as an absolute path will all be misses when they move from /home/circleci to /root
The Next-Gen images were suppose to ship with just a
root
user. That was the plan.The security gains by using a regular user with sudo access are irrelevant in the world of Docker because:
sudo
they get root privileges anywayDue to legacy image migration concerns, having sudo around would be useful. I'm not sure if useful enough on its own, but there are CircleCI platform features that expect to see a circleci home directory.
With little negative affect to our images and lots of positive affect for migration, we should reintroduce the
circleci
user to images.The text was updated successfully, but these errors were encountered: