Remove the kafka user #12
Conversation
As we don’t need to be a kafka user, let not be.
|
I'm sorry, but I don't deem this an acceptable way to work around the inherent Docker volume permission difficulty exhibited in #9. For one, I still feel that service-specific users are a good practice and that Docker isolation and security considerations are not well enough understood yet to put users of this image at greater risk unnecessarily (see this thread for one discussion, despite that it's a couple of years old now I believe it mostly still applies). Secondly, this would probably only help with volume permission issues if UIDs coincidentally match up between a bind-mounted host volume and the user inside the container. This is not reliable across different system configurations and Docker host distributions, docker-machine VMs, etc., so it's not a general solution—it pushes the problem around instead of solving it definitively for everyone. The long issue thread on the boot2docker project that I linked from #9 and several other threads linked from there have numerous suggestions that might work for your situation until hopefully Docker can provide a more general solution. As far as I can see, for now this is a case-by-case decision for your particular environment setup and workflow needs, there isn't a one-size-fits-all answer. |
As we don’t need to be a kafka user, let not be.
I know that be a root is never recommended, but does it stil make sense to do everything to not be a root in a docker?
Why stay as a root?
Be as another user is causing some issues around permissions. (#9)