Hi,

On 2019-12-10 12:47, Rich Freeman wrote:
> Having UIDs chosen completely at random seems fairly non-optimal.
> Suppose you're building containers/etc and then bind-mounting in
> persistent storage (/var/lib/mysql and so on). Wouldn't it be nice if
> the default were that mysql would get the same UID on every build? I
> guess you could provide an initial /etc/passwd on every fresh build
> but it just seems like an extra step.

While this sounds like a valid problem we are going to address, this
sounds like an analysis without practical experience:

In practice you will *never* assume proper container <> host user
mapping. *Never*. If you do that, you are doing it wrong:

- Containers sometimes switch base images. You won't notice that unless
you follow the container provider very closely. But you are using containers
because you are focused on the containerized application, not the container
itself...

- Containers start doing things differently. Again, you won't notice, see
above.

- Your host is maybe running some real services. You really don't want
a container to suddenly become able to access these services just
because the container <> host mapping has matched.

No, when you follow best practice you will always pass user/group or use
other available mapping solutions.

So while it sounds like a valid *goal*, in the real world, it isn't.


--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |
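
The following is an added example, not part of the e-mail above. It illustrates two of the failure modes the message lists: a UID moving between image builds, and a container UID landing on an unrelated host account. The passwd contents, account names and UIDs are constructed for illustration.

```python
# Constructed sample data (not from the mailing-list post).
HOST = """\
root:x:0:0:root:/root:/bin/bash
mysql:x:60:60:MySQL:/dev/null:/sbin/nologin
postgres:x:70:70:PostgreSQL:/var/lib/postgresql:/bin/sh
"""
IMAGE_OLD = """\
root:x:0:0:root:/root:/bin/sh
mysql:x:60:60::/var/lib/mysql:/sbin/nologin
"""
# Same application image after a hypothetical base-image switch.
IMAGE_NEW = """\
root:x:0:0:root:/root:/bin/sh
mysql:x:70:70::/var/lib/mysql:/sbin/nologin
"""


def parse_passwd(text):
    """Return {uid: name} for each well-formed passwd(5) line."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip blanks, comments and malformed entries
        users.setdefault(int(fields[2]), fields[0])  # first entry wins
    return users


def uid_collisions(host, image):
    """UIDs defined on both sides but under different account names.

    Without a user-namespace mapping, files bind-mounted from the host
    are owned by the numeric UID, so the image account gets the host
    account's access.
    """
    shared = host.keys() & image.keys()
    return sorted((u, host[u], image[u]) for u in shared if host[u] != image[u])


def uid_drift(old, new):
    """Accounts whose UID changed between two builds of an image."""
    old_by_name = {name: uid for uid, name in old.items()}
    new_by_name = {name: uid for uid, name in new.items()}
    shared = old_by_name.keys() & new_by_name.keys()
    return sorted((n, old_by_name[n], new_by_name[n])
                  for n in shared if old_by_name[n] != new_by_name[n])
```

With the sample data, the rebuilt image's `mysql` account moves from UID 60 to 70 and now collides with the host's `postgres` account.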