Feature request: Run synapse in Docker as non-root #13190

haslersn · 2022-07-05T17:57:21Z

It would be nice if the official Docker image would run synapse as non-root. This is a good idea for security and sometimes even required by cluster policies.

haslersn · 2022-07-05T18:20:29Z

After looking at docker/start.py, it seems that it drops privileges by switching to UID 991. Is there a reason not to configure the Dockerfile to simply start as UID 991, instead of starting as root? Did somebody already try to docker run synapse with --user 991? Does this work, or will it cause permission problems?

richvdh · 2022-07-05T21:01:05Z

yup, running docker with --user 991 should work fine.

richvdh · 2022-07-05T21:01:18Z

(or for that matter, any other user id)

DMRobertson added T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements. P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches labels Jul 5, 2022

richvdh closed this as completed Jul 5, 2022

alirezaalavi87 mentioned this issue Sep 9, 2023

Docker error: local user with ID 991 does not exist #16285

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature request: Run synapse in Docker as non-root #13190

Feature request: Run synapse in Docker as non-root #13190

haslersn commented Jul 5, 2022

haslersn commented Jul 5, 2022 •

edited

Loading

richvdh commented Jul 5, 2022

richvdh commented Jul 5, 2022

Feature request: Run synapse in Docker as non-root #13190

Feature request: Run synapse in Docker as non-root #13190

Comments

haslersn commented Jul 5, 2022

haslersn commented Jul 5, 2022 • edited Loading

richvdh commented Jul 5, 2022

richvdh commented Jul 5, 2022

haslersn commented Jul 5, 2022 •

edited

Loading