Exec as unprivileged user #74

Closed
jbaublitz opened this issue Feb 17, 2017 · 3 comments
@jbaublitz

jbaublitz commented Feb 17, 2017

I think it would be useful to allow execing the process in tini as an unprivileged user, and I'm willing to contribute a patch to enable this behavior. I am dealing with a service that handles permissions as described below and this change would be necessary for my adoption of tini in the Docker context.

My issue is that I have a service that does not require root privileges and does not expect to be execed as root. This service creates a user with a nologin shell when installed by a package manager. This change would allow the service to still access the file system with the appropriate user permissions without having to modify the packaging to support login for the given user.

@krallin
Owner

krallin commented Feb 17, 2017

Hi there,

Have you considered chaining Tini with a tool that does this, such as https://github.com/tianon/gosu or https://github.com/ncopa/su-exec?

For example, if you install gosu, then you can use the following to run as an unprivileged user with group group:

```
gosu user:group tini -- some-command-goes-here
```

(or vice versa - the order of gosu / su-exec and Tini should not matter)

@jbaublitz
Author

I am definitely open to that. Do you see this as an unnecessary addition? I can understand where you are coming from but would like to avoid additional dependencies if possible. If this is not something that is of interest, I will use the suggested tool. Thanks!

@krallin
Owner

krallin commented Feb 17, 2017

I do feel that Tini serves its users best when it does one thing well (and that's reaping zombies and forwarding the child's exit code :) ). If I were to add user parsing and su / exec, it might take some effort to be as robust / accurate as gosu's or su-exec's, and as these tools evolve, I might fall behind 😢

So, especially for cases like this where there is absolutely no downside to using other tools, I think it's best they remain separate (for cases like #69 where there are no such easily composable tools, I'm totally open to it as long as it doesn't introduce unreasonable complexity / bloat).

Thanks!
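
The "user parsing and su / exec" step discussed in this thread, sketched in C as an added example; it is not part of the issue and is not gosu's, su-exec's or Tini's code. The names `parse_id`, `resolve_spec` and `drop_privileges` are hypothetical, and as a simplifying assumption the supplementary group list is reduced to the single target gid rather than the user's full group membership.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Strict decimal id: no sign or whitespace; rejects (uid_t)-1, which means "unchanged". */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (s[0] < '0' || s[0] > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno || *end != '\0' || *out >= 0xFFFFFFFFUL) ? -1 : 0;
}
/* Resolve "user[:group]" (names or numeric ids). Returns 0 on success, -1 otherwise. */
int resolve_spec(const char *spec, uid_t *uid, gid_t *gid) {
    char buf[256], *grp;
    unsigned long n;
    if (spec[0] == '\0' || strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    if ((grp = strchr(buf, ':')) != NULL) *grp++ = '\0';
    struct passwd *pw = getpwnam(buf);
    if (pw) { *uid = pw->pw_uid; *gid = pw->pw_gid; }
    else if (parse_id(buf, &n) == 0) *uid = (uid_t)n;
    else return -1;
    if (!grp) return pw ? 0 : -1;  /* numeric uid with no passwd entry needs an explicit group */
    struct group *gr = getgrnam(grp);
    if (gr) *gid = gr->gr_gid;
    else if (parse_id(grp, &n) == 0) *gid = (gid_t)n;
    else return -1;
    return 0;
}
/* Groups first, then gid, then uid: after setuid() the process can no longer change groups. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* regaining root must fail */
}

int main(int argc, char **argv) {
    uid_t uid; gid_t gid;
    if (argc < 3 || resolve_spec(argv[1], &uid, &gid) != 0) return 2;
    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }
    execvp(argv[2], &argv[2]);  /* replaces this process, so no extra parent stays behind */
    perror("execvp");
    return 127;
}
```

Every return value is checked because a silently failed `setuid()` would leave the command running as root.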
