Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
zotigapo7616y@mhzauser even micro services dont put it on root.
All application files should be in separate other locations -
mhzauser186y@zotigapo yes they don’t know about production and architecture...
But it a “best practice” -
Well it's fine to run services as root inside a container. Assuming you have configured the container correctly on host.
-
@Hubot-0x58 yes, it's still better to run container with unprivileged user in it, cause that prevents possible sandbox escape if your container does got compromised. The idea is if there is a security vulnerability from the service in the container and attacker gains container's root privilege, he will have root access to whatever binds to the container as well. But assuming you have configured the permission on host correctly(don't bind important/unnecessary volumes or devices, have correct file permission on them), it's still fine.
Production is on root directory
Lol!
rant