security: sourcegraph/server runs as `root`
Created by: slimsag
This is a long-standing non-critical security issue, the default execution mode of sourcegraph/server is root:
$ docker run --entrypoint=sh -it sourcegraph/server:3.19.1 -c 'whoami'
rootThis is different than all other Sourcegraph containers which run as a non-root sourcegraph user. Migrating all existing deployments to non-root would be complex.
In this particular case, we aim to deprecate sourcegraph/server as a deployment method in the not-too-distant future so this is merely for tracking purposes.
See also https://github.com/sourcegraph/sourcegraph/issues/13237