strawman - make the agents not run as root

Tim Penhey tim.penhey at canonical.com
Tue Dec 17 03:39:37 UTC 2013


Hi folks,

We have been telling people forever not to run things as root. Most
packages that run system things create users for that purpose.

Every time I think of our machine and unit agents running as root, I end
up feeling a little guilty. Why is this fine for us?

However, we can't just make a change and expect everything to work.

Firstly, there are the charms: they expect "apt-get install" to work, and
if we change our user, it won't.

A suggestion would be to make an option for the environment to use non-root
users for the agents, and default it to false.  This would allow us to
create environments where we do have non-root users and at least make
sure all our stuff works.

Then we could move to a QA mode where all charms get tested to make sure
that for any privileged action, it uses 'sudo'.  This gives us
privileged action logging.

What are your thoughts?

Tim


