You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2019/08/11 06:53:36 UTC
[GitHub] [couchdb-docker] willholley commented on issue #147: Make UID & GID
configurable
willholley commented on issue #147: Make UID & GID configurable
URL: https://github.com/apache/couchdb-docker/issues/147#issuecomment-520205155
At IBM we have some work on this (see
https://access.redhat.com/containers/?tab=overview#/registry.connect.redhat.com/ibm/couchdb2).
If it's of interest to the community, we could contribute it to to
https://github.com/apache/couchdb-docker, though the UX may be a little
different to the existing images at the moment.
On Sun, 11 Aug 2019, 04:25 Ryan Van Antwerp, <no...@github.com>
wrote:
> Thanks for the advice all - I've come to realize that my goal (running on
> OpenShift) is slightly different than the goal discussed here, and much
> more closely related to #71
> <https://github.com/apache/couchdb-docker/issues/71> , (this comment in
> particular
> <https://github.com/apache/couchdb-docker/issues/71#issuecomment-477197028>)
> but I still feel I can contribute in some shape or form. I've narrowed down
> what I believe is feasible to one of the following:
>
> - Make permissions so wide that any uid/gid can be used (at the
> expense of running chmod -R 777 /opt/couchdb which feels like a bad
> idea *outside* of a docker container, but not sure if this is accepted
> practice in the docker world).
> - Modify the image so it can be run completely as couchdb (e.g. --user
> 5984:5984), but no other user. This aligns much more closely with the
> linked PRs above for other images. As an example, you can pull the
> cassandra image above, pass --user, but it will *only* work (for me,
> at least) if you pass the cassandra uid of 999. This checks the "make the
> image able to be run as non-root" box and requires minimal changes, but
> some orchestration frameworks don't let you pick an explicit uid easily as
> far as I can tell.
> - Modify the image so it can be run as any user as long as they belong
> to the root group (the OpenShift model). I suspect I'm not the only person
> who wants to use this on OpenShift. This would however drastically change
> the user/group model, and I'm unsure of any consequences this would
> introduce either within the application itself, or through docker.
> - Don't modify the image at all, and instead contribute documentation
> (somewhere) about how to create a wrapper image so that it can be modified
> in any of the above ways.
>
> Please let me know which approach (if any) you'd like to me to take, and I
> can submit a PR as soon as possible. @wohali <https://github.com/wohali>
> per your note, I've read through the issues you mentioned with respect to
> chmod and performance, and I'll ensure any proposed change won't
> re-introduce those issues.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/apache/couchdb-docker/issues/147?email_source=notifications&email_token=AAAX366ZBSX633UJA5DOAVDQD6BD7A5CNFSM4HMVE4NKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4AZHOQ#issuecomment-520197050>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAAX36ZYHLAVMIMODZAVDVLQD6BD7ANCNFSM4HMVE4NA>
> .
>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services