Replacing Postinst Scripts
robert_joslyn at selinc.com
Thu Nov 19 17:01:27 UTC 2015
> I'm not sure what you're using extra users for, but generally speaking the
> individual snap confinement makes using users for privilege separation not
> needed in most cases. I don't believe that we have a permission to allow a
> snap to create users today, so it would have to be unconfined.
My present use case is simply applications that refuse to run as root,
such as Postgres. I'm not a Postgres expert, but there doesn't appear to
be an easy way to run it as root. Other than this, it seems like there is
still a place for normal users and groups to provide privilege separation
within a single snap. If my snap contains a database, web server, and
other helper utilities, I may still want to maintain some separation of
those components.
--
Robert Joslyn
Software Engineer, R&D - Automation
Schweitzer Engineering Laboratories
509-332-1890 ext. 3214
More information about the snappy-app-devel mailing list