willholley commented on issue #155: Incorrect ownership of /opt/couchdb - everything is owned by couchdb
URL: https://github.com/apache/couchdb-docker/issues/155#issuecomment-538303929

> The Docker image sets everything under /opt/couchdb to be owned by the couchdb user.

This is by design. Production environments (e.g. using Docker Compose / Kubernetes) will generally add additional restrictions to the container context. For example, running as a non-root user (gid 0), read-only container filesystem and external storage mounted to /opt/couchdb/data. What is the scenario you have where you see a risk with the current approach?

> unrestricted access to all binaries and files installed in the container

That's not entirely correct - it should only be scoped to /opt/couchdb - but broadly scoped permissions for the application files are standard practice when combined with the measures described above.
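Added example, not part of the original comment or of the couchdb-docker project: a small check that a Kubernetes pod spec applies the three restrictions the comment names (non-root user, read-only root filesystem, external storage at /opt/couchdb/data). The two sample specs, the UID 1001 and the volume name are constructed for illustration.

```python
DATA_DIR = "/opt/couchdb/data"  # data path named in the comment


def audit_container(pod_spec, container):
    """Return a list of findings for one container; empty means all three hold."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    findings = []

    # Container-level runAsUser / runAsNonRoot override the pod-level values.
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    if uid == 0 or (uid is None and not non_root):
        findings.append("may run as root")

    # readOnlyRootFilesystem is a container-level field only.
    if not ctr_sc.get("readOnlyRootFilesystem", False):
        findings.append("root filesystem is writable")

    mounts = {m.get("mountPath", "").rstrip("/"): m
              for m in container.get("volumeMounts", [])}
    data = mounts.get(DATA_DIR)
    if data is None:
        findings.append(f"no volume mounted at {DATA_DIR}")
    elif data.get("readOnly", False):
        findings.append(f"volume at {DATA_DIR} is read-only")
    return findings


def audit_pod(pod_spec):
    return {c["name"]: audit_container(pod_spec, c)
            for c in pod_spec.get("containers", [])}


# Constructed sample: image defaults, no added restrictions.
DEFAULT = {"containers": [{"name": "couchdb", "image": "couchdb"}]}

# Constructed sample: the restrictions from the comment (arbitrary UID, gid 0).
HARDENED = {
    "securityContext": {"runAsUser": 1001, "runAsGroup": 0, "runAsNonRoot": True},
    "containers": [{
        "name": "couchdb", "image": "couchdb",
        "securityContext": {"readOnlyRootFilesystem": True},
        "volumeMounts": [{"name": "couch-data", "mountPath": DATA_DIR}],
    }],
}

if __name__ == "__main__":
    for label, spec in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, audit_pod(spec))
```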
