Dockerfile – What user should be the owner for a mount point?

In the docker-compose file, below is the volumes instruction for builder service:

    builder:
      build: ../../
      dockerfile: docker/dev/Dockerfile
      volumes:
        - ../../target:/wheelhouse
      volumes_from:
        - cache
      entrypoint: "entrypoint.sh"
      command: ["pip", "wheel", "-v", "--no-index", "-f /build", "."]

But, the mountpoint wheelhouse is being created with below permissions within container:

    drwxr-xr-x   2 root   root    4096 Oct 23 15:06 wheelhouse
    drwxr-xr-x   4 root   root    4096 Oct 23 15:13 application
    drwxr-xr-x   2 root   root    4096 Oct 19 12:13 build

target folder on docker host has below permissions:

    drwxr-xr-x 2 165536 165536    4096 Oct 23 09:06 target

As per CIS rules, root is not a recommended owner within container:

root being an owner within container is a security breach to get access to root name space.

As per CIS, which user is recommended owner of mount points? How to set this user?
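
An added example, not part of the original question: the listings above show `root` inside the container and 165536 on the host, which is the pattern a Linux user-namespace ID mapping produces. Assuming a constructed `uid_map` line `0 165536 65536` (the page does not show the actual mapping) and hypothetical helper names, this Python code translates IDs in both directions, including the unmapped case.

```python
# Added example: translate UIDs across a Linux user-namespace ID mapping.
# Each uid_map line has the form "<id-inside> <id-outside> <length>".

OVERFLOW_UID = 65534  # kernel default overflowuid; unmapped IDs appear as this

# Constructed sample (assumption): what /proc/<pid>/uid_map would hold if
# container IDs are remapped onto a host range starting at 165536.
SAMPLE_UID_MAP = "         0     165536      65536\n"


def parse_id_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def to_host(container_id, extents):
    """Map an ID seen inside the namespace to the host ID, or None if unmapped."""
    for inside, outside, length in extents:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


def to_container(host_id, extents):
    """Map a host ID to what the container sees; unmapped IDs show as overflow."""
    for inside, outside, length in extents:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return OVERFLOW_UID


if __name__ == "__main__":
    extents = parse_id_map(SAMPLE_UID_MAP)
    for host_uid in (165536, 166536, 0, 1000):
        seen = to_container(host_uid, extents)
        print(f"host uid {host_uid:>6} -> container uid {seen}")
    print(f"container uid 0 -> host uid {to_host(0, extents)}")
```

Under this assumed mapping, a directory owned by 165536 on the host is listed as owned by `root` inside the container, while files owned by real host root fall outside the range and appear as the overflow ID.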

nautilus/nemo/other file manager – suggestions for more accessible GUI-based owner management?


Short version

TL;DR – When running nemo/nautilus with elevated privileges*, there are a TON of users/groups on the permissions tab… they’re all jammed in non-searchable drop-downs that don’t have any hotkey support. Looking for tweaks/alternate file managers/chmod gui-wrappers so I can change ownership from GUI without the accessibility nightmares. Any suggestions?


More Info

I have several versions of Ubuntu 18.04 installed in Virtualbox. I have primarily been using Cinnamon desktop/nemo up to this point.

Mostly, I am extremely happy with this desktop. But GUI-based ownership changes (from root) are frustrating because a TON of entries are jammed into a drop-down that I can’t search and can’t use hotkeys from (e.g. to press “r” to jump to “root”, etc). Launching terminal is reliable but slow to type out names when I’m in a hurry.

Note that this isn’t really an issue when running the file manager from non-root accounts as the owner is not editable and only a few groups are displayed.

I generally run into this when I am trying to fix botched ownership perms on shared folders that the current user doesn’t own. And it’s generally never as quick and easy as running a single chown -R command.

I have encountered this same accessibility design in:

  • nemo v.3.6.5 (ubuntu 18.04/gnome+cinnamon)
  • nemo v4.2.3 (in a popular sub-distro that I’m apparently no longer allowed to mention here)
  • nautilus v3.26.4 (ubuntu 18.04/gnome).

Criteria:

I am interested in finding a GUI-based solution that meets these criteria:

  • Works on some flavor of Ubuntu 18.04 / bionic (bc I prefer LTS editions)
  • Decent user accessibility for lists of 50-100 users/groups (e.g. at least attempts to deal with non-trivial list size such as by having hotkey support, search filters, option to hide service accounts, or something else)
  • No issues running under root (e.g. via pkexec or whatever). Only mentioning this because I’ve run across a handful of apps before that flat-out refuse to run under root.

At this point, I’m just hoping somebody knows of an option that I don’t… I don’t particularly care if this is a nemo-specific tweak, a system configuration, some obscure build option, a different file manager/desktop environment, some external app that wraps a gui around chown (as long as I can throw it in a nemo-action and pass it the path), etc. Mostly just looking to avoid the extra runaround of launching terminal and typing out longer names by hand when I’m in a hurry.

* Also, when I say I am “running as root” / “running with elevated privileges”, I mean the option that appears in the nemo/nautilus UI rather than me launching directly with sudo / pkexec / etc.


Steps to view dialog issue:

  1. Create a folder named “test” on desktop or wherever that is owned by non-root account
  2. In Nemo, right-click > “Open as root” > enter password. Or for nautilus, run pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY nautilus to open with admin privileges.
  3. With the admin instance, right-click on the “test” folder > Properties > Permissions tab
  4. Observe that ALL the service accounts and groups are displayed with no means to filter them / no checkbox to hide them. Observe that pressing “R” in the drop-down does NOT jump to or select “root” (or whatever the first account starting with “R” is). In my case there’s something like 50 users displayed (3 of which are non-service accounts) and something like 80 groups displayed (8 of which are not related to service accounts). For me, this is an accessibility nightmare and it makes searching things out almost as painful as needing to launch the terminal and type it out by hand.

What I’ve tried:

I’ll follow up if I discover anything that works but so far, I have tried the following:

  • Permit was almost exactly what I am looking for except that it appears to require typing out the names instead of picking from a list/drop-down/etc. Unfortunately, I have absolutely zero GTK skills at the moment (although I might revisit this when I have more time if nobody has better suggestions).
  • Ubuntu 18.04.2/gnome – Couldn’t figure out how to run as root initially but pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY nautilus eventually worked. Not surprisingly, this seems to have the same issue as nemo.
  • Ubuntu 18.04.2/cinnamon – after installing cinnamon and running nemo as mentioned above, this doesn’t do what I am looking for.
  • Kubuntu 18.04 – Couldn’t find a way to launch dolphin as root so not able to test. User/Group fields were grayed out for me when running as the default non-root account on livedisc.

I have not yet tested other file managers (planning to test thunar but not really familiar with what all is out there).


Screenshot

The non-searchable drop-down with lots of entries and no hotkey support that appears in (admin/root/pkexec) nemo and nautilus > properties > Permissions tab.


Office 365 Group Owner not showing in SharePoint group

I created a Team site with an O365 group and it automatically creates the 2 groups, Owners & Members. If you elevate someone from a Member to an Owner, it is reflected in the Group membership (Azure, Teams and Outlook). However, this ‘Owner’ group is not showing in the SharePoint Owner group under Advanced permissions. How does SharePoint know the user has Full control if they don’t exist in the SharePoint default Owners group? There seems like a little disconnect here.

What is the difference between data owner, data custodian and system owner

I just started studying up for the CISSP and am having trouble understanding a few concepts.

  • Data Owner
  • Data custodian
  • System owner

Somewhere I read

The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information.

The data custodian (information custodian) is responsible for maintaining and protecting the data

But in the practical world, what exactly is the boundary for these roles? Both seem to be protecting data.

Any real-time example helps.

Be the owner of financegen.com – almost 10 years old domain name/(4,685 Unique Visitors)

Dear friend,
I want to sell financegen.com
You will receive the domain name, the logo and website with 83 unique posts. If needed, you can use the existing hosting up to November 2019. Though I did not promote it for many years it has some search engine traffic; for the last 30 days 4,685 unique visitors are recorded by cloudflare.
See the logo here…
