Are there any inherent downsides or risks to changing the default User IDs or Group IDs that come with Apps?
I see that Syncthing and ClamAV specifically default to root. Is this safe? Based on my limited knowledge of these things, I don’t understand why it would need to be assigned to root. Can anyone tell me?
If you change it, the apps may fail because they expect a different uid, which may be hard coded in the apps framework. And some apps need elevated permissions to run, which then defaults to the root user.
Is my understanding correct that an App that’s assigned the root User and Group ID and compromised could create significant problems, or are there limitations to these when it involves an App?
Yes, it can be a problem. The bigger problem is that some Docker images are created with the user hard coded, and the container fails to start if it’s not run as e.g. root.
Postgres is a good example because it needs permissions for user 999 and fails to start if you run it as anything else; even root fails.