[
https://issues.apache.org/jira/browse/GUACAMOLE-890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025946#comment-17025946
]
Nick Couchman commented on GUACAMOLE-890:
-----------------------------------------
{quote}
Server processes are usually meant to be run as non-root user, so I think this
report is rather important.
Perhaps it's a minor thing which prevents the guacamole container from starting
using a non-root user?
In its startup script perhaps? Some permission issue?
{quote}
Yes, I understand and agree, and I would not suggest that anyone run something
like Guacamole as a root user. I do not use Docker, but I routinely run as
non-root users in my environment.
My question to you is for you to provide us with more detail on what you're
seeing that prevents you from running as a non-root user? Please help us
understand why this doesn't work, as I believe it should work perfectly fine.
{quote}
If it's such a tiny / non-impacting thing, perhaps we could think about it as a
security improvement for 1.1.0?
{quote}
No, the only issues that will be included in 1.1.0 from this point are those
that are considered regressions in functionality. Because we haven't even
determined that there is an issue here, to begin with, let alone what needs to
be changed or the level of effort to change it, we will not alter the 1.1.0
release. The only way this would make it into the 1.1.0 release at this point
is if we determine very quickly that this is a regression due to another change
in 1.1.0. And, even then, it's getting a little late.
> Guacamole/Guacd Docker Process Privilege Drop
> ---------------------------------------------
>
> Key: GUACAMOLE-890
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-890
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-docker
> Reporter: Anthony Boccia
> Priority: Minor
> Labels: docker, security
>
> Hello,
> I noticed after deploying Guacamole in docker that the processes all run as
> the root user. Are there any plans to add support for specifying a user for
> the processes to drop privs to and run as instead of root? I am currently
> doing this by rebuilding the containers for guacamole and guacd, adding in my own
> user and using docker compose to exec all processes triggered within the
> container as that user. I feel like the option to specify this should be done
> upstream.
> Thank You