Skip to content

Conversation

kanekoh
Copy link

@kanekoh kanekoh commented Jan 7, 2020

Changes as follows:

  • Give permissions to the root group
  • Set USER as 1001 (non-root user)

I confirmed the container works with restricted SCC on an OpenShift environment.

#15

@aadrian
Copy link
Member

aadrian commented Jan 7, 2020

@kanekoh I'm not sure that hardcoding UID 1001 is a very good idea, since the mounted volumes from the host system will have now a "random" owner with UID 1001 .

@kanekoh
Copy link
Author

kanekoh commented Apr 24, 2020

@aadrian I understand that hardcoding UID is not good idea.

Which of these methods is closer to your thought?

  1. No define "USER" instruction in Dockerfile
    As a default with docker-daemon, it works as a root uid container. However, a user can execute the container as non-root user with the parameter '-u'.

  2. Use "ARG" instruction and set default value to define USERID in Dockerfile
    When the container image build with docker command, specify USERID with --build-arg. So, a user can change UID easily.

...
ARG USERID=1001
...
USER ${USERID}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants