[feat]: 🛑 Stop using root account for EmbassyOS

[k0gen]

Prerequisites

• [X] I have searched for existing issues that already suggest this feature, without success.

Describe the Feature Request

With Great Power Comes Great Responsibility. We should transition away from using root in EmbassyOS and instead, use the start9 user as a privileged account thus limiting the potential system damage.

Describe the Use Case

it is inevitable 😈

Describe Preferred Solution

No response

Describe Alternatives

No response

Anything else?

Good security practices:

1. Root account should be used to modify the underlying system.
2. Using the system should be done by the user account.
3. User can elevate his rights to become root.

[ProofOfKeags]

As an operating system, embassyd should be running as root. It pretty much has no other choice. We are already transitioning away from embassy-cli and embassy-sdk requiring root though.

[k0gen]

We are already transitioning away from embassy-cli and embassy-sdk requiring root though.

That is good news.

Filebrowser would be the natural next contender. Files should belong to start9 user so that you could mount filebrowser data directory via sftp and move those TB of images, movies and documents using systems file manager or simple SFTP client software.

[ProofOfKeags]

Good point, it probably should be the case that all files are owned by the start9 user and thats the user that the containers run as as well

[chrisguida]

Would be cool to have an OS feature that allows any username in containers, that way we don't need to adapt every upstream codebase to use start9

[kn0wmad]

Would this also be prerequisite to multi-tenancy?

[kn0wmad]

This is complete, no?