JetBrains / teamcity-docker-minimal-agent

TeamCity minimal agent docker image sources
https://hub.docker.com/r/jetbrains/teamcity-minimal-agent/
Apache License 2.0

User buildagent has inadequate permissions #39

Open TheBoneJarmer opened 4 years ago

TheBoneJarmer commented 4 years ago

Hi JB

For a good while now I have been making use of the Docker image generated by the Ubuntu Dockerfile to set up build agents. However, since commit 5194c8c9764cebc93d2e74f954cbc0fbccf7d59a the default user has been changed from root to buildagent. This has given me several issues.

While trying to run a container using the jetbrains/teamcity-minimal-agent image I hit all sorts of file permission errors. As in, the user builduser is not allowed to write files to the config folder which is mapped to a folder on my host machine, which is an Ubuntu Server 20.04. By modifying my own Dockerfile (which uses your image as base) to switch back to user root, all the issues were gone.

So my question to you is, why did you change the default user? And also, am I doing something wrong? And is this even related to JetBrains, or is this issue related to Docker in general? Any help would be highly appreciated. Thanks!

With kind regards, TheBoneJarmer

pjmolina commented 4 years ago

Same issues here. It's desirable to work with the principle of least privilege. But to prepare the agent for real work we will need to install additional software that will require root access. Running `sudo apt-get update` prompts for the buildagent password, which seems to be undefined.

pjmolina commented 4 years ago

OK. Found the solution to my problem here: https://www.jetbrains.com/help/teamcity/upgrade-notes.html#UpgradeNotes-AgentDockerimagesrunundernon-rootuser

The trick is to set `USER root` in a custom Dockerfile to be able to install software and change it again at the end of the setup.

TheBoneJarmer commented 4 years ago

> The trick is to set USER root in custom Dockerfile to be able to install software and change it again at the end of the setup.

That was actually the first thing I did as well. And that did fix the issue with building the image. But then the issue appeared which I described above. When I boot up a container with my custom image, which is based on this one, the user buildagent would still lack the appropriate rights to create the config folder.
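
One way to check the bind-mount situation described in this thread, as an added example that is not part of the original discussion or of the JetBrains image: a bind-mounted host directory keeps its numeric owner, group and mode inside the container, so a non-root container user can write to it only if the host directory grants that UID or GID access. The script name, the `can_write` helper and the 1000:1000 default are assumptions; it needs GNU `stat` and ignores ACLs and supplementary groups.

```shell
#!/bin/sh
# Added example: check whether a host directory that will be bind-mounted
# into the agent container is writable by the container's non-root user.
# A bind mount keeps the host's numeric owner, group and mode; the user
# name "buildagent" means nothing to the host kernel.

# can_write DIR UID GID
# Returns 0 if a process running as UID:GID could create files in DIR,
# 1 if it could not, 2 if DIR is not a directory.
can_write() {
    cw_dir=$1; cw_uid=$2; cw_gid=$3
    [ -d "$cw_dir" ] || return 2
    [ "$cw_uid" -eq 0 ] && return 0          # root bypasses mode bits
    cw_owner=$(stat -c %u "$cw_dir")
    cw_group=$(stat -c %g "$cw_dir")
    cw_mode=$(( 0$(stat -c %a "$cw_dir") ))  # octal string -> integer
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$cw_uid" -eq "$cw_owner" ]; then
        cw_bits=$(( (cw_mode >> 6) & 7 ))
    elif [ "$cw_gid" -eq "$cw_group" ]; then
        cw_bits=$(( (cw_mode >> 3) & 7 ))
    else
        cw_bits=$(( cw_mode & 7 ))
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( cw_bits & 3 )) -eq 3 ]
}

# Usage: sh check-mount.sh HOST_DIR [UID] [GID]
# 1000:1000 is an assumed default, not taken from the thread; read the real
# values with: docker run --rm --entrypoint id jetbrains/teamcity-minimal-agent
if [ "$#" -gt 0 ]; then
    uid=${2:-1000}; gid=${3:-1000}
    if can_write "$1" "$uid" "$gid"; then
        echo "OK: $uid:$gid can write to $1"
    else
        echo "FAIL: $uid:$gid cannot write to $1" >&2
        echo "fix on the host, e.g.: sudo chown -R $uid:$gid $1" >&2
        exit 1
    fi
fi
```

Changing the ownership of the host directory to the container user's numeric UID and GID keeps the agent running as a non-root user, instead of switching the whole container back to root.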