> you want code to run as underprivileged as possible
Agreed.
What do you think about this:
We could set glance's shell to /bin/false but use commands such as the following to run the services:
su -s /bin/sh -c "glance-registry" glance
That way you can't log in as the glance user, but the services still don't require privileges.
> you want code to run as underprivileged as possible
Agreed.
What do you think about this:
We could set glance's shell to /bin/false but use commands such as the following to run the services:
su -s /bin/sh -c "glance-registry" glance
That way you can't log in as the glance user, but the services still don't require privileges.