Do not run Composer as root/super user! See https://getcomposer.org/root for details #159

Closed
apolopena opened this issue Dec 17, 2021 · 0 comments
Labels: bug, passed-dev-qa, ready to be merged to main, security-risk

apolopena commented Dec 17, 2021

Describe the bug

During the image build the logs show:
Do not run Composer as root/super user! See https://getcomposer.org/root for details

Screenshots

Steps to reproduce

Force the Docker image to build, then observe the logs.

Expected behavior

Security risks that Composer warns us about should be heeded.

Additional information

Just ensure any composer commands are not run as sudo, so scripts with these commands should omit the sudo command during invocation.
A script can mix non-sudo and sudo commands by simply running any command(s) in the script that need sudo explicitly.
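
The check described above, as an added example that is not part of the original issue or the project's code: a linter that flags Composer invocations run through sudo in a build script, plus a runtime guard. The function names, the sample script, the `appuser` account and the `/usr/local/bin/composer` path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): find Composer invocations run via sudo.

# Print "file:line: text" for each non-comment line where sudo runs composer
# as root. `sudo -u <user> composer` passes when <user> is not root.
find_sudo_composer() {
    awk '
        /^[ \t]*#/ { next }                      # ignore full-line comments
        {
            n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (w[i] != "sudo") continue
                user = "root"
                # step over sudo options to reach the command word
                for (j = i + 1; j <= n && w[j] ~ /^-/; j++)
                    if (w[j] == "-u") { user = w[j + 1]; j++ }
                if (j <= n && user == "root" &&
                    (w[j] == "composer" || w[j] ~ /\/composer$/)) {
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
                    break
                }
            }
        }
    ' "$@"
}

# Runtime guard: succeeds only for a non-root uid (defaults to the caller's).
require_non_root() {
    [ "${1:-$(id -u)}" -ne 0 ]
}

# Constructed sample build script mixing privileged and unprivileged steps.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
sudo apt-get install -y unzip
sudo composer self-update
# sudo composer install
composer install --no-interaction
  sudo -E /usr/local/bin/composer install
sudo -u appuser composer dump-autoload
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_sudo_composer "$sample"      # reports lines 3 and 6 of the sample
require_non_root || echo "warning: running as root; do not call composer here" >&2
rm -f "$sample"
```

The option walk only understands `-u` as a sudo flag that takes an argument, so other argument-taking flags would need the same handling.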

apolopena added the bug label Dec 17, 2021
apolopena self-assigned this Dec 17, 2021
apolopena added this to the Backlog 🗂 milestone Dec 21, 2021
apolopena added a commit that referenced this issue Feb 8, 2022
apolopena added in-dev-qa, passed-dev-qa, ready to be merged to main and removed in-dev-qa, passed-dev-qa, ready to be merged to main labels Feb 8, 2022
apolopena added a commit that referenced this issue Feb 8, 2022
apolopena added passed-dev-qa, ready to be merged to main and removed in-dev-qa labels Feb 8, 2022