metaverse / truss

Truss helps you build go-kit microservices without having to worry about writing or maintaining boilerplate code.

Other

736 stars 144 forks source link

Running truss in docker outputs a root owned service in linux #140

Open zaquestion opened 7 years ago

zaquestion commented 7 years ago

138 Introduced a new Dockerfile. When run however the resulting service has the permissions of the docker image's internal `root` user. As such root permissions are required to fix (`chown user output-service`)

This isn't the first time we've dealt with this issue in docker. One might try to use a similar tactic as here: https://github.com/TuneLab/go-truss/pull/69/files#diff-c156c1a4ece69c66740e58eee2ec9cd7 Note since we are using alpine the commands are going to be different.

adamryman commented 7 years ago

Noting here that if

docker cp

is used, then the file into and out of the container have the same permissions as the user which invoked the docker cp command. As apposed to docker volumes, which can vary by system.

This could be useful in fixing this problem. May come back to it sometime myself. But others are welcome.

zaquestion commented 7 years ago

Multi-stage builds should simplify this further: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#use-multi-stage-builds

metaverse / truss

Running truss in docker outputs a root owned service in linux #140

138 Introduced a new Dockerfile. When run however the resulting service has the permissions of the docker image's internal root user. As such root permissions are required to fix (chown user output-service)

138 Introduced a new Dockerfile. When run however the resulting service has the permissions of the docker image's internal `root` user. As such root permissions are required to fix (`chown user output-service`)