Question / Issue Re: Running UniFi in insecure (root) mode #115

Closed
phybersplice opened this issue Apr 22, 2018 · 4 comments


phybersplice commented Apr 22, 2018

Host operating system

Linux DiskStation 3.10.102 #15266 SMP Mon Mar 26 15:08:22 CST 2018 x86_64 GNU/Linux synology_cedarview_1813+

What tag are you using

latest

Great work on this project Jacob.
Thanks for doing it.

I do have a question:
In my docker log when I start up, I see this entry:
[2018-04-22 22:04:54,333] WARNING: Running UniFi in insecure (root) mode

Why would this be and should I be concerned?

@jacobalberty
Owner

There's an environment variable, RUNAS_UID0; if you set it to false, it will run it as a non-root user. Eventually I plan to transition to using non-root by default, but there are compatibility issues with existing data (I can overcome this by just chowning the files if they're not owned by the proper uid) and issues with binding to ports lower than 1024 (a bit more difficult to overcome).

@phybersplice
Author

Yes, that makes sense.
I do see that option.

However, in the Synology, I do not have a unifi user with 999 UID / GUID set up at this point.
I assume I need to do that, then change RUNAS_UID0 = false and start the Docker again?

@jacobalberty
Owner

The docker container doesn't really care about users on the host, so no need to make a unifi user on the host.


nxadm commented Apr 23, 2018

An alternative is Docker user remapping. This means that while the program in the container runs with uid 0 in the container, this uid is translated to a high-uid, non-privileged user on the host system.

This means you have the ease of using root in the container, and the security of using a non-root user (e.g. if someone could break out of the container).
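
The uid translation described in the comment above can be checked from the host, shown here as an added example that is not part of the original thread. Linux exposes the mapping in `/proc/<pid>/uid_map` (first uid inside the namespace, first uid on the host, range length); the sample maps, the 100000 base and the container name `unifi` are constructed or hypothetical values.

```shell
#!/bin/sh
# Added example: translate a uid seen inside a container to the uid the host sees.
# Each line of /proc/<pid>/uid_map reads: <first uid inside> <first uid on host> <count>

host_uid_for() {  # usage: host_uid_for CONTAINER_UID MAP_FILE
    awk -v uid="$1" '
        NF == 3 && uid + 0 >= $1 + 0 && uid + 0 < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { exit !found }   # non-zero exit: the uid has no mapping on the host
    ' "$2"
}

container_root_is_host_root() {  # usage: container_root_is_host_root MAP_FILE
    [ "$(host_uid_for 0 "$1")" = "0" ]
}

# Constructed sample maps (not taken from the thread).
plain_map=$(mktemp)      # no remapping: identity map
remapped_map=$(mktemp)   # user remapping with an assumed base uid of 100000
trap 'rm -f "$plain_map" "$remapped_map"' EXIT
printf '0 0 4294967295\n' > "$plain_map"
printf '0 100000 65536\n' > "$remapped_map"

for f in "$plain_map" "$remapped_map"; do
    if container_root_is_host_root "$f"; then
        echo "uid 0 in container -> uid 0 on host (real root)"
    else
        echo "uid 0 in container -> uid $(host_uid_for 0 "$f") on host"
    fi
done

# Against a running container (the container name "unifi" is hypothetical):
#   host_uid_for 0 "/proc/$(docker inspect -f '{{.State.Pid}}' unifi)/uid_map"
```

With the remapped sample, uid 999 inside the container resolves to 100999 on the host, and a uid outside the mapped range makes `host_uid_for` return non-zero.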
