This might be a basic question but I'm newer to the Linux world. I've been setting up my home server based on Ubuntu Server 16.04 LTS. I setup the SSH server and SAMBA for file sharing on the host. Then I wanted to run some applications. For backup, CrashPlan, and Plex for movie content. I decided to use LXD containers for these solutions but I have struggled to find detailed information. I setup a bridge for my containers to use to my network. I eventually got CrashPlan working on an LXD/LXC container. Though none of the headless solutions for managing CrashPlan worked I ended up using a remote desktop (xrdp) server within the container and the remote desktop application on a remote windows machine.
The story goes on, but to my question.. I'm concerned that with my limited knowledge that my containers might not be a secure as they should be. should I install and run all applications within the container as root? Or should I install programs as another user or in someway that is more secure. If someone could point me to a guide or give some directions on the correct, secure way to install and run applications inside containers that would be great.
but, everything I've read says the root user in the container is an unprivileged user on the host. So does it even matter? All file systems that are shared with the containers are mounted as read-only as well. Any thoughts on that?
Thanks, Jay
The story goes on, but to my question.. I'm concerned that with my limited knowledge that my containers might not be a secure as they should be. should I install and run all applications within the container as root? Or should I install programs as another user or in someway that is more secure. If someone could point me to a guide or give some directions on the correct, secure way to install and run applications inside containers that would be great.
but, everything I've read says the root user in the container is an unprivileged user on the host. So does it even matter? All file systems that are shared with the containers are mounted as read-only as well. Any thoughts on that?
Thanks, Jay