• 2 Posts
  • 29 Comments
Joined 1 year ago
cake
Cake day: October 8th, 2023

help-circle





  • My point of vue is CasaOS / Unraid / Umbrel / … serve a good “first base” with selfhosting. Kind of like a gateway drug: gives you the candy to see how nice it could be but really under the hood, they are lacking a lot of substance.

    I would never advise someone to limit their experience to those tools thought, as they lack so many things that are required for a proper long term selfhosting setup (monitoring, backups, encryptions, reverse-proxy, etc…). It’s a decent start thought.

    Finally one criticism I could make is, unlike what you often read, I think it’s ok to abstract things. But the issue is, if you’re going to abstract away Docker completely you better make sure to offer everything the user needs to deal with their apps, and as far as I can tell, not only it’s not the case, but also those tools kind of tend to be opiniated in questionable ways. I have never used CasaOS thought, so it’s only 3rd party observation














  • Don’t get me wrong, I am fully aware that you need to reduce as much as possible the amount of access something has but as you said:

    you should never have permissions to things you don’t need

    well Cosmos needs to see your files if you want Cosmos to manage your files. It’s that simple. By default its on because it is needed for Cosmos to function. You can remove it, but at the expense of some of the functionalities of the server.

    By the way Cosmos, as a Docker management software, has access to your docker socket. Which mean, you can remove anything you want from the container, technically, it can add it back itself. Having access to the socket means being able to manage the containers, including itself. In other words, having this mount in the docker run command is just a comfort thing, but in term of privilege, whether it’s Cosmos or Portainer or any other docker manager, they have full root access to your system and that’s unavoidable.

    why not have -v /CasaFolder:/mnt/host or something similar

    Because it would require users to always update their Cosmos containers to add additional folders all the time, giving a terrible and very error prone user experience.

    If there is a solution out there, that solves that problem (as in allows Cosmos to continue to work the same without that mount) then I will gladly implement it. But as far as I can see there isn’t such solution