This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Unable to run with user other than UID 1000 #748

Open
k3a opened this issue Apr 27, 2021 · 1 comment
Labels
bug Something isn't working

k3a commented Apr 27, 2021

Describe the bug
Helm makes it possible to define a security context like this:

  elasticsearch:
    securityContextCustom:
      fsGroup: 1000
      runAsUser: 1000
      runAsGroup: 1000

Since #34 this works and it is possible to run the container as UID 1000.
The problem is that 1000 is the only possible UID, as setting any other unprivileged UID results in permission denied on the supervisord log file:

Traceback (most recent call last):
  File "/usr/bin/supervisord", line 9, in <module>
    load_entry_point('supervisor==4.2.2', 'console_scripts', 'supervisord')()
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/supervisord.py", line 359, in main
    go(options)
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/supervisord.py", line 369, in go
    d.main()
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/supervisord.py", line 72, in main
    self.options.make_logger()
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/options.py", line 1500, in make_logger
    backups=self.logfile_backups,
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/loggers.py", line 419, in handle_file
    handler = RotatingFileHandler(filename, 'a', maxbytes, backups)
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/loggers.py", line 213, in __init__
    FileHandler.__init__(self, filename, mode)
  File "/usr/lib/python2.7/site-packages/supervisor-4.2.2-py2.7.egg/supervisor/loggers.py", line 160, in __init__
    self.stream = open(filename, mode)
IOError: [Errno 13] Permission denied: '/usr/share/supervisor/performance_analyzer/supervisord.log'

To Reproduce
Steps to reproduce the behavior:

  1. Run as UID 1212
  2. See error
  3. Container terminated

Expected behavior
The container should run fine as long as the data directories are writable by the selected UID.
Logs should be output to stdout/stderr or the data directories, as /usr/share/ commonly contains mostly "static" files.

Configuration (please complete the following information):

  • ODFE/Kibana version: 1.13.2
  • Distribution: Helm
  • Host Machine: Ubuntu 20.04.1 LTS

k3a added the bug (Something isn't working) label Apr 27, 2021

@aelbarkani

Same here. It seems the image doesn't work fine with OpenShift, where UIDs are random...
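
A pre-flight check for the failure reported in this thread, as an added example that is not code from the issue or from the project: it reads owner, group and mode bits with stat and reports whether a given UID and group list could write a path such as the supervisord log file. The function names and the demo tree are constructed for illustration; ACLs, capabilities and search permission on ancestor directories are not evaluated.

```shell
#!/bin/sh
# Added example, not project code. Decides from owner/group/mode bits whether
# an identity could write a path, so an image can be audited for arbitrary-UID
# support without switching users. Ignores ACLs, capabilities and the search
# (x) bit on ancestor directories. Requires a stat that supports -c
# (GNU coreutils or BusyBox).

# class_bits UID "GID [GID...]" PATH -> prints the rwx bits (0-7) that apply
class_bits() {
    cb_meta=$(stat -c '%u %g %a' "$3") || return 2
    set -- "$1" "$2" $cb_meta            # $3=owner uid, $4=owner gid, $5=octal mode
    cb_mode=$((0$5))
    if [ "$1" = "$3" ]; then echo $(( (cb_mode >> 6) & 7 )); return 0; fi
    for cb_g in $2; do                   # primary gid plus supplementary (fsGroup)
        if [ "$cb_g" = "$4" ]; then echo $(( (cb_mode >> 3) & 7 )); return 0; fi
    done
    echo $(( cb_mode & 7 ))
}

# can_write UID "GIDS" PATH -> 0 if writable, 1 if not, 2 if stat failed
can_write() {
    cw_target=$3 cw_need=2               # existing file: w bit
    if [ ! -e "$3" ]; then               # file to be created: w+x on its directory
        cw_target=$(dirname "$3") cw_need=3
    fi
    cw_bits=$(class_bits "$1" "$2" "$cw_target") || return 2
    [ $(( cw_bits & cw_need )) -eq "$cw_need" ] || return 1
}

# Constructed demo: a log file laid out like the one in the traceback,
# owner-writable only, checked for the owner and for an unrelated UID.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/performance_analyzer" || return 2
    log="$d/performance_analyzer/supervisord.log"
    : > "$log" && chmod 644 "$log"
    owner=$(stat -c %u "$log"); grp=$(stat -c %g "$log")
    for id in "$owner:$((grp + 1))" "$((owner + 1)):$((grp + 1))" "$((owner + 1)):$grp"; do
        if can_write "${id%%:*}" "${id##*:}" "$log"; then r=writable; else r=DENIED; fi
        echo "uid=${id%%:*} gid=${id##*:} mode=644 -> $r"
    done
    chmod 664 "$log"                     # group-writable, as for a shared group
    can_write "$((owner + 1))" "$grp" "$log" && echo "mode=664 shared gid -> writable"
    rm -rf "$d"
}
demo
```

Run inside the image, `can_write 1212 "1212" /usr/share/supervisor/performance_analyzer/supervisord.log` reports whether the UID from the reproduction steps would pass the mode-bit check.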
