A simple Go-based tool to step down from root and execute a process as another user, designed for Docker containers.
gosu is a simple Go-based command-line tool that allows a process to step down from root to a non-privileged user and execute another program. It solves the TTY and signal-forwarding issues common with `su` and `sudo`, making it ideal for Docker container entrypoints where clean user switching is required.
Docker container developers and system administrators who need to run processes as non-root users inside containers while avoiding the complexities of `su` or `sudo`.
Developers choose gosu for its simplicity, reliability, and direct integration with Docker's user management. It provides a lightweight, secure alternative for user switching in containerized environments without unnecessary overhead.
Simple Go-based setuid+setgid+setgroups+exec
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Uses exec to replace itself with the target process, avoiding the signal and TTY forwarding issues common with su and sudo, as demonstrated in the README's comparison examples.
Processes user and group specifications identically to Docker's --user flag, ensuring consistency in container environments, as explicitly stated in the README.
Compiled from Go into a single binary with no runtime dependencies, making it lightweight and easy to deploy in containers without extra packages.
Specifically designed for Docker entrypoint scripts to step down from root during container startup, providing a reliable and simple solution for that niche.
The README warns that uses beyond Docker containers could be vulnerable to issues like CVE-2016-2779, limiting its safety in general system administration.
Optimized only for stepping down from root to a user; it lacks features for complex user management, logging, or fine-grained controls compared to sudo.
Requires downloading binaries, GPG verification, and permission setting, which is more involved than using package managers for alternatives like su-exec in Alpine.