Wallabag Migration · Michał Góral

Migration of the official Wallabag image to a rootless Podman was a tough one, because internally it starts as a root, runs nginx+fpm as a root (fpm drops privileges), and then it switches user to nobody. It’s a common, but flawed technique, (sidenote: It took me some time to figure out a better way of running things in GWS, where it’s especially hard, because it runs SSH server, which most internet thinks is impossible to run as non-root. It isn’t impossible, but you can login only as a that non-root user, which is exactly what I want in Git server) but it’s reversible with a few changes in config files shipped in the official image. I described it on Wallabag’s issue tracker to help maintainers if they ever wanted to provide a rootless-ready image.