benrubson commented on a change in pull request #469: GUACAMOLE-890: Security:
Allow image to run as non-root user
URL: https://github.com/apache/guacamole-client/pull/469#discussion_r387915547
##########
File path: guacamole-docker/bin/start.sh
##########
@@ -30,7 +30,7 @@
GUACAMOLE_HOME_TEMPLATE="$GUACAMOLE_HOME"
-GUACAMOLE_HOME="$HOME/.guacamole"
+GUACAMOLE_HOME="/tmp/guacamole"
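Review bot: the new value on the `+GUACAMOLE_HOME="/tmp/guacamole"` line is a fixed, predictable name under `/tmp`, and nothing visible in this hunk checks that the directory is freshly created or owned by the running user before it is used. Consider creating it with `mkdir -m 700` and aborting if the path already exists as a symlink or with a different owner or mode, or using `mktemp -d` instead. A one-line comment stating that `$HOME` may not exist for an arbitrary UID would also document why the path changed.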
Review comment:
First, this line is due to the fact that the user chosen to run the container may
not have a home directory in the container, which would then not start.
Note however that the `guacamole` directory, inside the `tmp` directory, is
only reachable by the user running the container, as shown below, from a
container running this PR:
```
$ ls -l /tmp/
total 12
drwx------ 5 1024 1024 4096 Mar 4 13:02 guacamole
```
> but what if the user decides to try to map through `/etc/guacamole` to a
> specific path?

I also do this in my `docker-compose.yml` file, not an issue at all:
```
services:
  guacamole:
    image: guacamole/guacamole:1.1.0
    volumes:
      - ./etc:/etc/guacamole:ro
```
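The comment above relies on `/tmp/guacamole` being `drwx------` and owned by the user running the container. As an added example (not code from this PR or from Guacamole's `start.sh`), a startup script could enforce that state before using the directory; `ensure_private_dir` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: create a private directory, or validate an existing one,
# before a startup script writes configuration into it.
# ensure_private_dir is a hypothetical helper, not part of Guacamole.
ensure_private_dir() {
    dir=$1

    # A symlink at this path could redirect writes somewhere else.
    if [ -L "$dir" ]; then
        echo "refusing symlink: $dir" >&2
        return 1
    fi

    if [ ! -e "$dir" ]; then
        # mkdir without -p fails if the path appears in the meantime,
        # and -m 700 sets the mode at creation time.
        mkdir -m 700 "$dir" || return 1
    fi

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # -O is true only when the effective UID of this process owns the path.
    [ -O "$dir" ] || { echo "not owned by current user: $dir" >&2; return 1; }

    # Same view as the `ls -l /tmp/` output in the comment: owner-only access.
    perms=$(ls -ld "$dir" | cut -c1-10)
    if [ "$perms" != "drwx------" ]; then
        echo "unexpected mode $perms on $dir" >&2
        return 1
    fi
    return 0
}
```

A script would call `ensure_private_dir "$GUACAMOLE_HOME" || exit 1` before copying anything into the directory.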