nano-node-docker
nano-node-docker copied to clipboard
Get rid of sudo command usage
Right now the installer script requires root privileges solely cause it requires write access to the mounted volumes of the nano-node
and nano-node-monitor
containers. These two images are setting their volumes ownership to root cause of their internal user structure.
drwxrwxr-x 6 lephleg lephleg 4096 Feb 23 01:39 .
drwxr-xr-x 14 lephleg lephleg 4096 Feb 23 01:37 ..
-rw-rw-r-- 1 lephleg lephleg 2254 Feb 23 01:37 docker-compose.letsencrypt.yml
-rw-rw-r-- 1 lephleg lephleg 1210 Feb 23 01:37 docker-compose.yml
drwxrwxr-x 8 lephleg lephleg 4096 Feb 23 01:37 .git
-rw-rw-r-- 1 lephleg lephleg 199 Feb 23 01:37 .gitignore
drwxr-xr-x 4 root root 4096 Feb 23 01:39 nano-node
-rw-rw-r-- 1 lephleg lephleg 86509 Feb 23 01:37 nano-node-docker.png
drwxr-xr-x 2 root root 4096 Feb 23 01:39 nano-node-monitor
drwxrwxr-x 3 lephleg lephleg 4096 Feb 23 01:39 nano-node-watchdog
-rw-rw-r-- 1 lephleg lephleg 7356 Feb 23 01:37 readme.md
-rw-rw-r-- 1 lephleg lephleg 113562 Feb 23 01:37 screenshot.png
-rw-rw-r-- 1 lephleg lephleg 3 Feb 23 01:39 settings
-rwxrwxr-x 1 lephleg lephleg 9690 Feb 23 01:37 setup.sh
In order to get rid of the sudo
commands, a wrapper Docker image could probably be built which will be extending the original images. The Dockerfile should create a non-root user for the ${USER}
and chown
all the mounted directories from root to him. That way when the bind is going to happen the executing user will match the internal, allowing him to perform any writes.
On the other hand, a wrapper image approach will not permit Watchtower to execute auto-upgrades and maintaining custom images is not an option.
Requires proof of concept and/or further research.