-
Notifications
You must be signed in to change notification settings - Fork 640
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow commands to run as root #631
Comments
Wouldn't it be also a solution (and maybe even the much better one), to fix the group issue in the base image as this is the recommended OpenShift practice anyway ? |
They won't do that: jboss-dockerfiles/wildfly#47 Using a Dockerfile to build an image, I would have full control over the user running the commands. IMHO, its a limitation of the plugin that I cannot do that through config. Reading the impl, here is a workaround that also works for me <assembly>
<basedir>/opt/jboss/wildfly</basedir>
<descriptor>${project.basedir}/standalone/assembly-artifacts.xml</descriptor>
<user>jboss:root:root</user>
</assembly>
<user>jboss</user> Not sure if you intended the user thing to work like this. My PR uses the third part of the assembly user to set the user attribute (if not given) which would then be appended to the Dockerfile. It runs the cmds with the same user as used for chown, which would be root. You may however have good reason to run the cmds less privileged, but the above config still seems awkward. |
You are always free to use a Dockerfile (see config option Of course with an XML based configuration like this you have less degrees of freedom, and have to decide on the order of directives upfront. That works fine for simple builds, which are usually the case. My main point with the PR is, that it depends implicitly on the order of whether the assembly is That's why I said is to make it more explicit by moving this user around than sharing it over a member variable. |
In a perfect world IMHO, there would be no duplication (and perhaps conflicting) config of run user and an explicit config for runCmd user. Still, this may perhaps be over engineered. What is a good reason to not always run the cmds as root? The duplication of run user config is problematic, but can likely not be resolved without breaking compatibility. |
out-of-date |
We have a user case where the wildfly base image does not run on openshift because the user 'jboss' is not in group 'root'
The generated Dockerfile should perhaps place the USER directive at the end and run entries and RUN commands as root.
I'll would provide a PR
CrossRef: wildfly-extras/wildfly-camel#1501
The text was updated successfully, but these errors were encountered: