gosu issue with the 'setuid' bit set
majid-akbari opened this issue · 5 comments
When using gosu in debian12 it returns this error:
"gosu" appears to be installed with the 'setuid' bit set
I need to run a command like gosu root postgres start
in docker entrypoint.
This is the reverse problem of the one gosu
was designed to solve, and really isn't officially supported (privilege escalation vs de-escalation). I would recommend sudo
for that use case, since it has actual authentication controls (unlike gosu
; again, solving different problems).
Yes, and it is against Docker best practices : )
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
If you absolutely need functionality similar to
sudo
, such as initializing the daemon asroot
but running it as non-root
, consider usinggosu
.- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
Note the example that it gives of when to use gosu
. gosu
is for stepping down from root
, not for stepping up to root
. If you absolutely need to run something as root
in a container, don't step down in the first place (and then use gosu
when you are done with root
things).