Avatar
Keith Mukai 2y ago

The easiest #bitcoin node setup I've tried so far is:

* Debian 12 w/XFCE desktop gui

* Umbrel

Debian installer is good. Simple enough for almost anyone.

Only other task is to get Umbrel installed... in just TWO SIMPLE COMMANDS!

* `apt install curl`

* `curl -L https://umbrel.sh | bash`

BUT THERE'S A "BUT"!!

It's only this simple if I log in as `root`. The user that the setup creates doesn't have `sudo` access. Obv I can add the user to sudoers, but now we're getting deeper into linux and losing the total noob simplicity.

I'm not a linux security expert. At all.

Is it a "Nope, unacceptable!" to install and run the Umbrel docker containers as `root`?

Reply to this note

Please Login to reply.

Discussion

Avatar
Nice and Kind Vic 2y ago

docker always runs as root, its one of its weaknesses

Avatar
Nice and Kind Vic 2y ago

oh actually im wrong about this. newer versions can be run without root and thus constrained..its a bit more setup but can be done

Avatar
thinkmassive 2y ago

It’s about the same amount of setup since you don’t need to mess with group membership anymore.

https://docs.docker.com/engine/security/rootless/

Avatar
nout 2y ago

Yeah, Debian is kinda stupid in this way. I don't think exluding the default account from sudoers helps anything...

Avatar
sudocarlos 2y ago

i think docker always runs things as root. that's why there's podman, lxc and others

Avatar
UNCLE ROCKSTAR 2y ago

> curl -L https://umbrel.sh | bash

lmao

Avatar
Keith Mukai 2y ago

Same tradeoff as a one-click LunaNode btcpay VM. Trust vs convenience to lower the skill barrier to entry.

Simplest possible laptop build ain't gonna be the most secure nor the most sovereign.

Someone suggested RaspiBlitz which has the same installation approach:

It is what it is. 🤷🏻‍♂️

Avatar
optout 2y ago

Noice. But I can't stop mentioning that Umbrel is not fully open/trustworthy....

de
nobody 2y ago

⚡️