Allow edgedb Docker Image to *startup* and run as non-root User #7012
colinbjohnson
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
It seems like the expected configuration for the edgedb Docker Image is to startup as the "root" user and then use "gosu" to switch toa non-root user (such as "edgedb"). What I discovered was that if the directory
/var/lib/edgedb/data
existed and allowed a non-root user to access then the edgedb service can be started and run as a non-root user - no need to use root or gosu at all.My specific Dockerfile is here:
If this is correct the challenge is in finding a way to ensure that the
/var/lib/edgedb/data
is writable by the user utilizing edgedb. This could be accomplished a few different ways/var/lib/edgedb/data
world-writableI actually don't know if this is worth pursuing but the solution we implemented potentially allowed a less complex and (at least in perception - where a certain large enterprise required we have a non-root user specified) more secure image based on the edgedb image.
Beta Was this translation helpful? Give feedback.
All reactions