Comment on Docker Backup Stratagy
njordomir@lemmy.world 8 hours agoInteresting username. Are you a fellow student of Internet Comment Etiquette?
I know at least some of my containers use Postgres. Glad to know I inadvertently might have made it easier on myself. I’ll have to look into the users for the db and db containers. I’m a bit lost on that. I know my db has a username and pass I set in the docker compose file and that the process is running with a particular GID UID or whatever. Is that what your talking about?
glizzyguzzler@piefed.blahaj.zone 5 hours ago
I do not know of Internet Comment Etiquette, sorry to disappoint! It’s a username that’s humorous to me and fits a core tenant of mine
Do remember (or put in the .env) the user/pass for your db’s, but they don’t matter much if you know them.
I’m talking about the process, the ‘user: 6969:6969’ in the docker.compose file. If it’s not there the container runs as the user running docker, and unless you’ve got non-root docker going it’ll run the containers as root. Which could be bad, so head that off if you can! Overall, I’d say it’s a low priority, but a real priority. Some naughty container could do bad things with root privilege and some docker vulnerabilities. I’ve never heard of it that kind of attack in the self hosted community, but as self hosting gains traction I worry a legit container will get an attack slipped in somehow and wreck (prob ransomware) root docker installations.
First priority is backup - then you can worry about removing root containers (if you haven’t already done so!).