Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: there is no need to be root when using Docker Compose #3277

Closed
frafra opened this issue Oct 31, 2023 · 4 comments
Closed

docs: there is no need to be root when using Docker Compose #3277

frafra opened this issue Oct 31, 2023 · 4 comments
Labels
needs: user feedback We are waiting for a user to answer questions or provide feedback on our fix type: enhancement New feature or request work: documentation Improvements or additions to documentation
Milestone

Comments

@frafra
Copy link

frafra commented Oct 31, 2023

Problem

Documentation uses sudo to set up Mathesar using Docker compose. There is no need to be root to run docker compose or to run Mathesar.

Proposed solution

Avoid using /etc (leave to the user keeping the conf file there). Just use wget/mv/docker compose without sudo.

@mathemancer
Copy link
Contributor

@frafra What's your OS? Assuming you're on Linux, you'd typically need to add your user to the docker group to avoid sudo, which is a security issue. I suppose you could use the rootless mode from https://docs.docker.com/engine/security/rootless/ , but that comes with a number of limitations, and we had issues getting Mathesar's volume mounts working for a user who tried that in the past.

@seancolsen seancolsen added the work: documentation Improvements or additions to documentation label Nov 2, 2023
@seancolsen seancolsen added this to the v0.1.4 milestone Nov 2, 2023
@seancolsen seancolsen added needs: user feedback We are waiting for a user to answer questions or provide feedback on our fix and removed status: draft labels Dec 5, 2023
@mathemancer
Copy link
Contributor

We're changing our docker compose setup to be less opinionated. While we'll still recommend using sudo for security and feature reasons related to the non-root docker solutions, the user can more easily avoid using it with the new setup.

@mathemancer mathemancer closed this as not planned Won't fix, can't repro, duplicate, stale Dec 21, 2023
@frafra
Copy link
Author

frafra commented Dec 21, 2023

@frafra What's your OS? Assuming you're on Linux, you'd typically need to add your user to the docker group to avoid sudo, which is a security issue. I suppose you could use the rootless mode from https://docs.docker.com/engine/security/rootless/ , but that comes with a number of limitations, and we had issues getting Mathesar's volume mounts working for a user who tried that in the past.

Ubuntu, Docker rootless. Permissioning issues can arise when trying to delete bind mounts created by non-root users within the containers, for example. This can be solved by prepending rootlesskit to the command.

@mathemancer
Copy link
Contributor

@frafra Update: I think the new version of the docker compose setup and associated docs have no need to recommend whether to use sudo or not. I.e., we simply won't give an opinion on it at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs: user feedback We are waiting for a user to answer questions or provide feedback on our fix type: enhancement New feature or request work: documentation Improvements or additions to documentation
Projects
No open projects
Development

No branches or pull requests

3 participants