You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm slightly out of my depth here but I'll try my best to explain.
In the docs, it suggests usage of the deno user over root. This works fine when running my deno container locally, but when running on EC2, with the deno cli --allow-write flag passed, I am unable to write to a mounted disk due to a permissions error:
PermissionDenied: Permission denied (os error 13)
Removing USER deno from my Dockerfile (and falling back to root) fixes this, but I wanted to understand if there are any particular reasons to be aware of, that I should not do this.
Thank you
The text was updated successfully, but these errors were encountered:
You have to ensure that deno USER has write permission for the directory you want to write to (you can change this prior to setting USER deno).
Docker does remove some of these necessities (It's not as important to lock a container down as it would be a real machine) but generally it's good practice to restrict as much as possible (so that if it is compromised it doesn't have sudo access) i.e. "least privileged user".
What I would usually do is set the WORKDIR to /app and have that as owned by the deno user, or alternatively mount a volume.
I'm slightly out of my depth here but I'll try my best to explain.
In the docs, it suggests usage of the
deno
user overroot
. This works fine when running my deno container locally, but when running on EC2, with the deno cli--allow-write
flag passed, I am unable to write to a mounted disk due to a permissions error:Removing
USER deno
from my Dockerfile (and falling back toroot
) fixes this, but I wanted to understand if there are any particular reasons to be aware of, that I should not do this.Thank you
The text was updated successfully, but these errors were encountered: