Open Raniz85 opened 1 year ago
@peterzhuamazon @prudhvigodithi Can you take a look at this? Looks like we had a similar issue with helm https://github.com/opensearch-project/helm-charts/issues/384
Hi @Raniz85 we switch the user to 1000 here: https://github.com/opensearch-project/opensearch-build/blob/main/docker/release/dockerfiles/opensearch.al2.dockerfile#L82-L84
In your command, you have --user 176000
specified, so the docker container will run as --user 176000
.
Is there a reason you cannot run as 1000 user here? (Edit: I am not familiar with OpenShift usages, so not sure if they have function to override this)
Thanks.
This is not a bug but a feature request, which we are not having at the moment. Tho user can either modify the existing image or build a custom one with our docker scripts and files: https://github.com/opensearch-project/opensearch-build/tree/main/docker/release
Allowing non-opensearch(1000) user can potential change the structure of the docker image that we designed on. Need more research as we need to proceed on such feature.
cc: @bbarani to comment on this one.
Thanks.
Describe the bug If trying to execute the docker image as someone other than UID 1000 (for example on OpenShift), startup fails with
permission denied
To Reproduce Run docker image as an unprivileged user e.g.
Expected behavior OpenSearch starts successfully
Host/Environment (please complete the following information): OpenSearch 2.7.0 (sha256:55f1f67e7d3645aa838b63a589bce5645154ba275814e52d4638d371ca0f8cb5)
Tested on:
Additional Information This is due to /usr/share/openshift having permission 0700:
There are likely more ownership issues to iron out when running as an unprivileged user.