Other (all?) system's user involved somehow?

Hi guys.

Why Discourse — have not tried any other containers, not Ubuntu nor Docker are my weapon of choice — involves other(all regular ?) users?

When I start Discourse a number of process are started on behalf, for a user which I did not think had anything to do with discourse/container, certainly it is the the user I sudo from, for Discourse deployment. Here:

                │      ├─8*[ruby───8*[{ruby}]]
                │      └─7*[{ruby}]
-> $ ps -Fp 8794
UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
appmgr      8794    8792  0  3829  4320   2 12:17 ?        00:00:00 /bin/bash config/unicorn_launcher -E production -c config/unicorn.conf.rb
-> $ ps -Fp 8792
UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
root        8792    8788  0   562   684   4 12:17 ?        00:00:00 runsv unicorn

Is what I see/get all valid & legitimate? If so then where would some man pages shading more light on it be? Sysadmin of Ubuntu/Docker/Discourse I am still new to.

When you view processes outside of the container it will show the Discourse related processes running as whatever user is UID 1000 on the host.

The reason it does this is because the processes inside the container are running under the container’s UID 1000. :slight_smile:

It’s just an odd quirk of how Docker containers work. :slight_smile:


Yes. That’s expected.

Unicorn is the thing serving pages. Ruby is the language discourse is written in. You can see that unicorn launcher started all of those processes.

If you look at what’s running on your windows or Mac computer you don’t know what all of those things are either. :person_shrugging:

I’m really not sure how you’d go about learning that. Maybe the rails documentation? For a new system administrator there are lots of other things that are more likely to be useful.


Perhaps I left it a bit vague - what puzzled me was the user to whom (some) processes belong. Tools I use for containers and make all my containers rootless — unless network requirements make impossible — those make it nice & clear mapping between/from real UIDs subuids, once can see clearly what is what. Thanks @ClawdiaWolf. I wish those were in official docs (not only code).


It was discussed here as well: