potiuk commented on issue #18900: URL: https://github.com/apache/airflow/issues/18900#issuecomment-940811827
> It seems the airflow group was removed on 2.2.0 and now put into the root group. This is not a good security practice (imho).

Why? What kind of security practice does it violate? What problem might it cause? I'd love to hear some arguments for it. So far I have had this discussion several times and no-one was able to say why this would be a bad practice (as opposed to running as the `root` user, which definitely is a bad practice and there are good arguments for it). But I am open to hearing more arguments.

> Is there a reason to have airflow running as root?

Yes. That was a deliberate choice. Running as the `root` group is a recommended practice introduced by OpenShift (that's why I claim to say it is not a bad or dangerous practice) - this allows the image to run as an arbitrary user, as described here: https://airflow.apache.org/docs/docker-stack/entrypoint.html#allowing-arbitrary-user-to-run-the-container

I am converting this into a discussion, as I am eager to hear what the arguments are for the `root` group being dangerous.
