-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add more detailed explanations on the reasons why sudo should be avoided #101
Comments
This is actually a quote from the official docker best practices: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user To see the official reasoning in all detail I recommend to have a look at the |
Ok, the source of the message is the official Docker documentation. But, I cannot find in the gosu repository the reasoning you mention. Can you make a citation with this reasoning? |
Have a look at the "Why?" Section of the gosu readme. It refers to a dockerfile for testing purposes. These are all kinds of edge cases that cause problems with `sudo`.
For a detailed description of what complicated behavior `sudo` implies I recommend to read the sudo man-page and their detailed description about signal handling and process model.
…On 12 April 2018 09:26:05 GMT+02:00, VonUniGE ***@***.***> wrote:
Ok, the source of the message is the official Docker documentation.
But, I cannot find in the gosu repository the reasoning you mention.
Can you make a citation with this reasoning?
--
Signed
Sheogorath
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
Thank you for your answer. I understand that sudo is too heavy and complicated if the only goal is to drop privileges from root to a user. But if we want to test an application in different dockerized linux distributions, I think that sudo can still be useful. I would like that dockerfilelint gives a more detailed explanation here, in order to let the user make an informed choice and not just follow a recommendation for which he doesn't understand the reasons. But for now, I have no better formulation to propose... |
If sudo is included in a command, dockerfilelint outputs the following message:
This message should give more detailed explanations (or a link) on the reasons why sudo should be avoided.
There is also a question about this on unix.stackexchange.com : What exactly in the sudo behavior is unpredictable?
The text was updated successfully, but these errors were encountered: