I have been playing around with the x11-window-manager project in the playground and have used that as a guide for a project I am working on.
Is there any way to run the desktop as a non-root user?
Aside from any possible security implications, this is for a commercial project and it plain looks bad to anyone that does not know what the underlying technology is.
Hello @resinio30 thanks for getting in touch!
When the x server is started, everything happens inside the container.
Could you describe which kind of security issues are you concerned about?
My primary concern is trying to explain to a semi-technical customer who has read that you should not run things as root why this time it is ok… and the product really is secure.
I’d rather short circuit that conversation by not having the issue to begin with.
Hi @resinio30 , I haven’t tried, but it might be possible to use the USER directive in your dockerfile to create a user and then I would guess it would be necessary to add that user to the needed groups for x11 (I don’t know those off the top of my head)