Postgres
Set up non-root user for container
The container runs as a non-root user to limit the attack surface for privilege escalation. For this to work in our setup, please make sure that a user called postgres is set up on your machine.
- Check if user postgres exists
cat /etc/passwd | grep postgres
In case the postgres user doesn't exist, please create the user by running
sudo useradd postgres
- data folder ownership
Also, you need to make sure that the postgres user owns the volumes mounted for Docker
sudo chown -R postgres:postgres data
sudo chmod 770 data
- Adjust compose.yml
Within services > postgres > user, make sure to replace postgres with the UID of the user on your machine
cat /etc/passwd | grep postgres
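The three steps above can be verified in one pass before starting the container. The script below is an added example, not part of this repository; its function names and the optional passwd-file argument are assumptions made for illustration, and it expects `stat -c` (GNU coreutils or busybox) and a compose.yml whose only `user:` key belongs to the postgres service.

```shell
#!/bin/sh
# Added example (not from the README). Assumptions: GNU/busybox `stat -c`,
# and a compose.yml whose only `user:` key belongs to the postgres service.

# Print the UID of user $1 from passwd-format file $2 (default /etc/passwd).
# Matching the whole first field avoids hits such as "postgres-backup".
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "${2:-/etc/passwd}"
}

# Print "<owner-uid> <octal-mode>" for path $1, e.g. "1001 770".
owner_and_mode() {
    stat -c '%u %a' "$1"
}

# Print the numeric UID from the first `user:` line of compose file $1.
# Prints nothing if the value is still a name such as "postgres".
compose_uid() {
    sed -n 's/^[[:space:]]*user:[[:space:]]*["'\'']\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" |
        head -n 1
}

# preflight <data-dir> <compose-file> [passwd-file]
# Prints one line per problem; returns non-zero if any check fails.
preflight() {
    rc=0
    uid=$(uid_of postgres "${3:-/etc/passwd}") ||
        { echo "user postgres does not exist"; return 1; }
    om=$(owner_and_mode "$1") || { echo "cannot stat $1"; return 1; }
    owner=${om% *}
    mode=${om#* }
    [ "$owner" = "$uid" ] ||
        { echo "$1 is owned by UID $owner, expected $uid"; rc=1; }
    [ "$mode" = "770" ] ||
        { echo "$1 has mode $mode, expected 770"; rc=1; }
    [ "$(compose_uid "$2")" = "$uid" ] ||
        { echo "$2: user is not set to UID $uid"; rc=1; }
    return "$rc"
}

# Run the check when called as: ./preflight.sh data compose.yml
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

The exact first-field match in `uid_of` is stricter than `grep postgres`, which would also match any other account whose passwd line contains the string.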
About secrets
Secrets are managed centrally in 1Password, and Postgres needs these secrets, so using docker compose directly in the terminal does not work.
Bring up/tear down container
Please use start.sh to spin up the container.
Prerequisites start.sh
- User executing the script is part of the docker group
- Environment variable OP_SERVICE_ACCOUNT_TOKEN is set up [check out top-level README.md for more information on how to set this up]