I’m currently running Discourse on top of Clear Linux, so it’s not quite a standard base system, but I’ve seen the same behavior with a Discourse installation on Debian too. In the current system I SSH’ed in with my rahim12 user account and did a sudo su before installing and configuring everything relating to the Discourse container. And in my previous tests on Debian I SSH’ed into the system directly as root. So is it normal for some processes like the Unicorn workers to be running under my normal user account, and how did they know to use it? Do they automatically get launched under the Linux UID of 1000?
Ahh, interesting, so the host OS is doing a lookup of the username for UID 1000 on the host but it actually belongs to a different UID 1000 inside the container?
And it actually has caught me out a few times because on one of my local dev servers I have a Docker container that has processes that run as UID 1001 (internal container username is WebDev) and on the host OS it shows an account that has been disabled since 2019 but needs to still exist for historical reasons.
Thanks a lot for explaining that, so that’s quite a strange quirk of Docker. As a conventional Linux admin accustomed to manually installing and configuring each and every component in the stack, I’m not entirely comfortable with the opaque containerization paradigm and its automagic setup scripts that pull in dependencies and configurations from a million different sources. But it’s hard to argue with the speed and reproducibility of deploying Discourse and also the Dockerized mail server I’m running, so I’m not complaining.
I probably should have mentioned that it’s a quirk of Docker because it’s a quirk of Linux Containers in general.
Essentially they’re similar to the *BSD jails, but actually much stricter in how they isolate things.
Personally, I’m not a fan of them, but I actually fully understand why Discourse uses Docker. The isolation actually makes it much more difficult for host changes to affect Discourse. In fact, except for a kernel update that broke Docker briefly a while back, I’ve never had an upgrade of the host break Discourse.
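The UID lookup discussed in this thread, as an added example that is not part of any post: it resolves a process's numeric UID against the host's passwd data and against the container's, taking the process's `uid_map` into account. All passwd entries and maps are constructed sample data; `olduser` and the `discourse` entry at UID 1000 are assumptions, and only `rahim12` and `WebDev` come from the thread.

```python
# Added example. On a live host the same inputs come from /proc/<pid>/status
# (Uid: line), /proc/<pid>/uid_map and, as root, /proc/<pid>/root/etc/passwd.

# Constructed sample data (two containers' users merged into one passwd).
HOST_PASSWD = """root:x:0:0:root:/root:/bin/bash
rahim12:x:1000:1000::/home/rahim12:/bin/bash
olduser:x:1001:1001:disabled 2019:/home/olduser:/usr/sbin/nologin
"""
CONTAINER_PASSWD = """root:x:0:0:root:/root:/bin/bash
discourse:x:1000:1000::/home/discourse:/bin/bash
WebDev:x:1001:1001::/home/WebDev:/bin/bash
"""
NO_USERNS = "         0          0 4294967295\n"  # identity map, no remapping
REMAPPED = "         0     100000      65536\n"   # Docker userns-remap style


def parse_passwd(text):
    """Map UID -> username from passwd(5)-format text (first entry wins)."""
    names = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            names.setdefault(int(fields[2]), fields[0])
    return names


def parse_uid_map(text):
    """Each uid_map line is: start inside namespace, start outside, length."""
    return [tuple(int(x) for x in l.split()) for l in text.splitlines() if l.strip()]


def to_container_uid(host_uid, uid_map):
    """Translate a host-side UID to the UID seen inside the container."""
    for inside, outside, length in uid_map:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None  # this host UID is not mapped into the container


def resolve(host_uid, uid_map_text, host_passwd, container_passwd):
    """Return (name host tools show, UID in container, name in container)."""
    host_name = parse_passwd(host_passwd).get(host_uid, str(host_uid))
    inner = to_container_uid(host_uid, parse_uid_map(uid_map_text))
    inner_name = parse_passwd(container_passwd).get(inner) if inner is not None else None
    return host_name, inner, inner_name
```

With the identity map, UID 1000 shows as `rahim12` on the host although the container calls it `discourse`; with a remapped range the host-side UID has no passwd entry at all and tools fall back to the number.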