
Run puma with nonroot user

Open l00ptr opened this issue 4 years ago • 5 comments

Description

In this MR we make puma / greenlight run under a dedicated user.

Testing Steps

Within the directory:

docker build .
docker-compose up -d

Then, when everything is running, we can list the processes running inside the greenlight container:

docker exec -ti greenlight-v2 ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
greenli+   144  0.0  0.0   1668   912 pts/0    Rs+  14:21   0:00 ps auxf
greenli+     1  0.6  2.1 243588 168068 ?       Ssl  14:14   0:02 puma 4.3.8 (tcp
greenli+   120  0.1  2.3 296900 188216 ?       Sl   14:14   0:00 puma: cluster w

l00ptr avatar Aug 05 '21 14:08 l00ptr

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication

sonarqubecloud[bot] avatar Aug 05 '21 14:08 sonarqubecloud[bot]

@l00ptr How will update work? We'll need to run a chown for the persistent data one way or another.

fireba11 avatar Aug 05 '21 18:08 fireba11

Hi @fireba11,

That's a good question. I think we don't need to chown any data... From what I know, there is no persistent data with the Greenlight container (all the persistent information is inside the PostgreSQL container). So we can simply remove the Greenlight container and get the new one... but maybe I am wrong.

l00ptr avatar Aug 05 '21 19:08 l00ptr

Greenlight by default (as in using the install script) got two volumes defined in the compose:

volumes:
  - ./log:/usr/src/app/log
  - ./storage:/usr/src/app/storage

fireba11 avatar Aug 06 '21 08:08 fireba11

Yes indeed, how did I miss them :'(

Thx for your attention... So I guess we probably need to add some info documentation about this change.

l00ptr avatar Aug 06 '21 13:08 l00ptr
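
As an added example (not part of the original thread or of the Greenlight project), here is a pre-upgrade check for the two bind-mounted volumes discussed above. It lists every path the non-root container user would not own. The UID argument is an assumption; read the real value from the new image.

```shell
#!/bin/sh
# Added example: ownership check for Greenlight's bind-mounted volumes
# (./log and ./storage in the default compose file) before switching the
# container to a non-root user.
#
# Usage: sh check_volumes.sh <uid> ./log ./storage
# <uid> is an assumption here: obtain it from the new image, for example
#   docker exec greenlight-v2 id -u

# Print one line per problem: paths owned by someone other than <uid>, and
# volume directories that do not exist yet (Docker creates a missing
# bind-mount source as root, which the non-root process cannot write to).
ownership_problems() {
    uid="$1"; shift
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "missing: $dir"
            continue
        fi
        find "$dir" ! -uid "$uid" -print | sed 's/^/wrong owner: /'
    done
}

# Return 0 when <uid> owns everything under the given directories;
# otherwise print the problems and return 1.
check_volumes() {
    problems=$(ownership_problems "$@")
    if [ -z "$problems" ]; then
        return 0
    fi
    printf '%s\n' "$problems"
    echo "chown these paths to uid $1 before starting the new container"
    return 1
}

# Run the check only when arguments are given on the command line.
if [ "$#" -gt 0 ]; then
    check_volumes "$@"
fi
```

Run it from the directory that holds the compose file, before `docker-compose up -d` with the new image.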