Production is on root directory

  • 4
    I'm guessing your definition for "production" is flawed
  • 2
    @xewl why?
    This is about some microservices running...
  • 2
    @mhzauser even micro services dont put it on root.

    All application files should be in separate other locations
  • 3
    @zotigapo yes they don’t know about production and architecture...
    But it a “best practice”
  • 1
    Well it's fine to run services as root inside a container. Assuming you have configured the container correctly on host.
  • 0
    @Hubot-0x58 yes, it's still better to run container with unprivileged user in it, cause that prevents possible sandbox escape if your container does got compromised. The idea is if there is a security vulnerability from the service in the container and attacker gains container's root privilege, he will have root access to whatever binds to the container as well. But assuming you have configured the permission on host correctly(don't bind important/unnecessary volumes or devices, have correct file permission on them), it's still fine.
Add Comment