run as user / non root

[brightdroid]

Currently it's not possible to run the container as a different user which should be possible as xeoma does not require root.

$ docker run -ti --rm -u 999:999 coppit/xeoma
*** Killing all processes...
Traceback (most recent call last):
  File "/sbin/my_init", line 414, in <module>
    main(args)
  File "/sbin/my_init", line 330, in main
    import_envvars(False, False)
  File "/sbin/my_init", line 90, in import_envvars
    for envfile in listdir("/etc/container_environment"):
  File "/sbin/my_init", line 74, in listdir
    return sorted(os.listdir(path))
PermissionError: [Errno 13] Permission denied: '/etc/container_environment'

[coppit]

Why? Is it so that files it creates have the right owner?

[brightdroid]

Xeoma can be run as unprivileged user, so it is a huge security improvement.
Good read into the topic:
https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b

[CraziFuzzy]

So, I looked into this a bit, and it appears that the problem is that phusion-baseimage does some things that require root, so no matter what, the container will require to be run as root. However, I believe phusion also has a utility to run individual processes (in this case, xeoma.app) as a different user. But I need to investigate how that is actually accomplished.

[brightdroid]

However, I believe phusion also has a utility to run individual processes (in this case, xeoma.app) as a different user.

This would be great, thank you.