gosu issue with the 'setuid' bit set

Question

gosu issue with the 'setuid' bit set

majid-akbari opened this issue a year ago · 5 comments

When using gosu in debian12 it returns this error:
"gosu" appears to be installed with the 'setuid' bit set
I need to run a command like gosu root postgres start in docker entrypoint.

Answer 1 · 2023-10-02T15:50:51.000Z

This is the reverse problem of the one gosu was designed to solve, and really isn't officially supported (privilege escalation vs de-escalation). I would recommend sudo for that use case, since it has actual authentication controls (unlike gosu; again, solving different problems).

Answer 2 · 2023-10-02T15:56:21.000Z

Yes, and it is against Docker best practices : )
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

Answer 3 · 2023-10-03T01:15:43.000Z

If you absolutely need functionality similar to sudo, such as initializing the daemon as root but running it as non-root, consider using gosu.

- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user

Note the example that it gives of when to use gosu. gosu is for stepping down from root, not for stepping up to root. If you absolutely need to run something as root in a container, don't step down in the first place (and then use gosu when you are done with root things).