opensearch-project / docker-images

Apache License 2.0

Added ability to run as any UID/on OpenShift #14

Closed djcass44 closed 1 year ago

djcass44 commented 1 year ago

Signed-off-by: Django Cass <django@dcas.dev>

Description

This change updates the Dockerfile to modify group and file permissions so that the resulting OpenSearch container can be run as a non-standard Linux user ID. For example, running on OpenShift would require using the anyuid SCC as OpenSearch would throw permission denied errors when not running as 1000:1000.

Behaviour can be confirmed by running:

docker run opensearch # would work
docker run --user=12345:0 opensearch # would fail with permission denied error but now works

As the default user ID is still 1000, this shouldn't cause any backwards compatibility issues.

The if [[ ! "$GID" -eq "0" ]];... check was added to ensure that the Dockerfile behaviour is identical to what it used to be if the GID arg is set to a non-zero value.

Issues Resolved

List any issues this PR will resolve, e.g. Closes [...].

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.
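A way to audit a directory tree for the permissions this description relies on, as an added example that is not part of the PR or the project's code. It assumes the change follows the pattern OpenShift documents for arbitrary-UID images (group 0 ownership, group bits equal to owner bits); `audit_anyuid`, its finding labels and the sample tree are hypothetical, and it also flags world-writable paths, which are broader than that pattern needs.

```bash
#!/usr/bin/env bash
# Added example; audit_anyuid, its labels and the demo tree are hypothetical.

# audit_anyuid DIR [GID]: print one "LABEL<TAB>path" line per finding for a
# container meant to run as an arbitrary UID in group GID (default 0).
audit_anyuid() {
    local dir=$1 gid=${2:-0}
    # Not owned by the target group: a random UID that is only a member of
    # GID falls through to the "other" bits here and is likely denied.
    find "$dir" ! -group "$gid" -exec printf 'WRONG_GROUP\t%s\n' {} +
    # Owner has r, w or x but the group does not (tree is not "g=u").
    find "$dir" \( -perm -400 ! -perm -040 -o -perm -200 ! -perm -020 \
        -o -perm -100 ! -perm -010 \) \
        -exec printf 'GROUP_LT_OWNER\t%s\n' {} +
    # World-writable without the sticky bit: broader than the pattern needs.
    find "$dir" ! -type l -perm -002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE\t%s\n' {} +
}

# Constructed sample tree (not the real image layout); prints its path.
demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/config" "$root/data"
    : > "$root/config/opensearch.yml"
    chmod 770 "$root"
    chmod 750 "$root/config"                  # group cannot write
    chmod 640 "$root/config/opensearch.yml"   # group cannot write
    chmod 777 "$root/data"                    # writable by everyone
    printf '%s\n' "$root"
}

# id -g stands in for GID 0 so the demo runs without root.
tree=$(demo_tree)
echo "before:"; audit_anyuid "$tree" "$(id -g)"
# Remediation: copy owner bits to the group, drop world write.
chmod -R g=u "$tree" && chmod -R o-w "$tree"
echo "after:";  audit_anyuid "$tree" "$(id -g)"
rm -rf "$tree"
```

Inside an image built for `--user=12345:0`, the same function would be called as `audit_anyuid /path/to/opensearch 0`, where the path is whatever directory the image writes to.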

Daceian commented 1 year ago

I was about to submit an issue for this exact scenario and this PR fixes my problem perfectly. Can we get this one through?

Can confirm it fixes my problem.

rishabh6788 commented 1 year ago

@peterzhuamazon Can you please advise on this?

peterzhuamazon commented 1 year ago

Hi, we are not using this repo for building docker images. All the building scripts currently reside here: https://github.com/opensearch-project/opensearch-build/tree/main/docker

Also, I think this is way too open from an OpenSearch perspective. Happy to discuss more if you can open an issue in the build repo above 😄.

Thanks.