run containers with the `svn:svnusers` user instead of `root` #67

Guiorgy · 2024-08-28T14:46:30Z

Instead of running the container as root, it's generally preferable to run with a different user.

The container already contains a svn user inside a svnusers group:

/var/opt/svn $ getent passwd
root:x:0:0:root:/root:/bin/sh
...
nobody:x:65534:65534:nobody:/:/sbin/nologin
svn:x:100:101:svn:/var/svn:/sbin/nologin
/var/opt/svn $

We can use this user, though I couldn't find information on what this user/group is meant for. Also it's not completely clear if the UID and GID are fixed. It would be troublesome if UID or GID changed in an image update (like it happed with Tor docker-obfs4-bridge).

An alternatively could be to use USER 100:101 instead of USER svn:svnusers.

If we go with one of the above, it might be worth to consider moving the root directory to /var/svn (which is owned by svn:svnusers) as shown in the svnserve docs example.

Another option is to create our own user with a large id.

PS. Just out of curiosity, is there a reason to have the test script in two places (./test.sh and ./test/test.sh)?

Guiorgy and others added 2 commits August 28, 2024 18:35

run containers with the svn:svnusers user instead of root

9743175

Merge branch 'main' into rootless

ceae72f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

run containers with the `svn:svnusers` user instead of `root` #67

run containers with the `svn:svnusers` user instead of `root` #67

Guiorgy commented Aug 28, 2024 •

edited

Loading

run containers with the svn:svnusers user instead of root #67

Are you sure you want to change the base?

run containers with the svn:svnusers user instead of root #67

Conversation

Guiorgy commented Aug 28, 2024 • edited Loading

run containers with the `svn:svnusers` user instead of `root` #67

run containers with the `svn:svnusers` user instead of `root` #67

Guiorgy commented Aug 28, 2024 •

edited

Loading