Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify user in nomad alloc exec #24686

Open
davidlublink opened this issue Dec 17, 2024 · 1 comment
Open

Specify user in nomad alloc exec #24686

davidlublink opened this issue Dec 17, 2024 · 1 comment
Labels
hcc/jira stage/accepted Confirmed, and intend to work on. No timeline committment though. theme/allocation API type/enhancement

Comments

@davidlublink
Copy link

Proposal

docker exec -it -u root abc123 bash

The above docker command allows you to override any 'USER' command specified in the Dockerfile and run bash as root.

There does not seem to be any way to override this user with 'nomad alloc exec'.

Use-cases

This is a useful feature when debugging/troubleshooting some allocations where the operator needs to act as root for a given allocation.

Attempted Solutions

So an operator can work around this limitation by logging into the Nomad client that is running the allocation and from there they can docker exec -it -u root cba321 bash
@tgross
Copy link
Member

tgross commented Dec 17, 2024
edited
Loading

Without digging in too much, I suspect the reason this doesn't already exist is because in non-Docker task drivers we've already had a chance to guard the user selected from the host via controls like client.user.denylist and Sentinel policies. And then in image-isolation tasks like Docker we have little ability to guard which users are acceptable (but also care a lot less). So we'd probably need to wire up all the same set of controls to the Allocation API in order to do so. Still, seems like a reasonable idea. I'll mark it for further roadmapping.

@tgross tgross added theme/allocation API stage/accepted Confirmed, and intend to work on. No timeline committment though. labels Dec 17, 2024
@tgross tgross moved this from Needs Triage to Needs Roadmapping in Nomad - Community Issues Triage Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hcc/jira stage/accepted Confirmed, and intend to work on. No timeline committment though. theme/allocation API type/enhancement
Projects
Nomad - Community Issues Triage
Status: Needs Roadmapping
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tgross @davidlublink