Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

run containers with the svn:svnusers user instead of root #67

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

run containers with the svn:svnusers user instead of root #67

wants to merge 1 commit into from

Conversation

Guiorgy
Copy link

@Guiorgy Guiorgy commented Aug 28, 2024
edited
Loading

Instead of running the container as root, it's generally preferable to run with a different user.

The container already contains a svn user inside a svnusers group:

/var/opt/svn $ getent passwd
root:x:0:0:root:/root:/bin/sh
...
nobody:x:65534:65534:nobody:/:/sbin/nologin
svn:x:100:101:svn:/var/svn:/sbin/nologin
/var/opt/svn $

We can use this user, though I couldn't find information on what this user/group is meant for. Also it's not completely clear if the UID and GID are fixed. It would be troublesome if UID or GID changed in an image update (like it happed with Tor docker-obfs4-bridge).

An alternatively could be to use USER 100:101 instead of USER svn:svnusers.

If we go with one of the above, it might be worth to consider moving the root directory to /var/svn (which is owned by svn:svnusers) as shown in the svnserve docs example.

Another option is to create our own user with a large id.

PS. Just out of curiosity, is there a reason to have the test script in two places (./test.sh and ./test/test.sh)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Guiorgy