[RFC] Do not use root as default user [WIP]

[kierenevans]

Connecting to containers as root causes issues with permissions when using cp-remote to sync files, or running commands without realising.

If the build user were to be connected to instead, file permissions for new files would be correct and commands that would create new files in the wrong places (e.g. cache directories owned by www-data) would fail but not cause a site outage.

Invocations of container that need to do privileged things like install software with apt-get, would have to be re-run as sudo container instead.
This would be a breaking change as if people are using container setup, for example in a continuous-pipe.yml, they would need to update it to be sudo container setup.

Either we run container with sudo or we need to go around adding sudo to all commands we run that expecting to be root.

Downstream images will need to switch to root and back again to do their current software installations in their Dockerfiles but we could encapsulate this into container calls as build, e.g. container install_packages one two three would do sudo apt-get update; sudo apt-get install one two three; sudo apt-get clean; # etc

What do you think we should do?

[andytson-inviqa]

sounds ok, but the app user should be used more in some contexts.

[andytson-inviqa]

e.g. if running a PHP script as build user, then that PHP script and it's dependencies has write access to the code