Re: [mosquitto-dev] Docker container run as root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Docker container run as root

From: Ben Hardill <hardillb@xxxxxxxxx>
Date: Thu, 13 May 2021 20:11:36 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

Hi,

Lines 88-89 of the Docker file setup the mosquitto user

And the following is from the mosquitto.conf man page:

user username

    When run as root, change to this user and its primary group on startup. If set to "mosquitto" or left unset, and if the "mosquitto" user does not exist, then mosquitto will change to the "nobody" user instead. If this is set to another value and mosquitto is unable to change to this user and group, it will exit with an error. The user specified must have read/write access to the persistence database if it is to be written. If run as a non-root user, this setting has no effect. Defaults to mosquitto.

    This setting has no effect on Windows and so you should run mosquitto as the user you wish it to run as.

    Not reloaded on reload signal.

So since the mosquitto user exists the running instance will drop it'sprivileges to this user on startup.

So if you want to run as root you can just pass in a `mosquitto.conf`file with `user root`


Ben

On 13/05/2021 19:59, mutt wrote:

Hi,

  I hope this is the right place for this "feature request".
I know it is not a great idea to run as root, but I need to access thecert files (for tls/ssl) in a mounted volume...and these files are 600owned by root in the host (so also in the container).
If there is an alternative way, I'll appreciate any suggestions.
semi-OT: a my curiosity, why does mosquitto process runs as mosquitouser (1883)?
I'm seeing the files:
*https://github.com/eclipse/mosquitto/blob/1c79920d78321c69add9d6d6f879dd73387bc25e/docker/2.0/docker-entrypoint.sh<https://github.com/eclipse/mosquitto/blob/1c79920d78321c69add9d6d6f879dd73387bc25e/docker/2.0/docker-entrypoint.sh>(no "su" cmd)*https://github.com/eclipse/mosquitto/blob/1c79920d78321c69add9d6d6f879dd73387bc25e/docker/2.0/Dockerfile<https://github.com/eclipse/mosquitto/blob/1c79920d78321c69add9d6d6f879dd73387bc25e/docker/2.0/Dockerfile>(no "USER" key)but I don't find out the point where you switch from root to mosquitouser (uid 0 to 1883)
I'm not a docker/linux expert :)

Thanks in advance,
Emanuele

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev


--
https://www.hardill.me.uk/wordpress
https://github.com/hardillb
https://about.me/hardillb
https://flickr.com/photos/hardillb/
https://keybase.io/hardillb

References:
- [mosquitto-dev] Docker container run as root
  - From: mutt

Prev by Date: [mosquitto-dev] Docker container run as root
Next by Date: Re: [mosquitto-dev] odd TLS errors [SOLVED]
Previous by thread: [mosquitto-dev] Docker container run as root
Next by thread: [mosquitto-dev] Optional header mqtt message
Index(es):
- Date
- Thread

Breadcrumbs