-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change image to use non-root user #154
Comments
It's definitely a bummer that gsutil (and perhaps other commands?) seem to have to run as root...
https://cloud.google.com/solutions/best-practices-for-operating-containers#avoid_running_as_root |
Has anyone figured out a manner one can run 'gsutil' cmds with a non-user? |
A bit kludgy, but you can achieve it by mounting
|
Thanks @madworx . appreciate it. |
I would submit a PR but I notice none of the simple PRs have been looked at since January :( But the fix is simple, just set HOME to /tmp so gsutil can write to it as any user
|
#213 was reverted, should this issue be re-opened for now? |
This definitely should be reopened. A root user should never be the default. I have to add security policies to mute alerts because of writes to /root just for gsutil. |
I'm using this docker to generate the credentials json and export to other container using volumes--from. The issue is that we are exporting /root, which is not readable from a common user in another container. Let's change this to a common user
The text was updated successfully, but these errors were encountered: