search

stevearc / pypicloud-docker

Docker image for pypicloud
MIT License
86 stars 34 forks source link

Cannot set user in baseimages #19

Closed wakemaster39 closed 6 years ago

wakemaster39 commented 6 years ago

The way that the py3-baseimage and py2-baseimage are laid out it makes it impossible to specify what the UID and GID are suppose to be without supplying a custom pypicloud-uwsgi.sh.

When it was run as root we could use the uid/gid tags in the config.ini. Using the alpine images we are able to specify the uid/gid through the docker-cli.

Since the pypicloud-uwsgi.sh start up script sets the user to explicitly be pypicloud which it creates inside the image. Setting the uid/gid has no effect on the uwsgi service and it.

stevearc commented 6 years ago

I added an environment variable that should help. You can either specify -e UWSGI_USER=myuser to run uwsgi as that user before start, or you can do -e UWSGI_USER=root to run as root and continue setting the uid/gid via the config file. This will be in the stevearc/pypicloud-1.0 line until I do another pypicloud release, at which point it'll get picked up for 1.0.7 and latest.

wakemaster39 commented 6 years ago

Thanks for the fix @stevearc, but I think there is still an issue with the fix.

The issue I have with the fix is that it uses the non-standard UWSGI_USER. I think the better method is to define the running user like you do in the alpine images. By setting the running user in this manner, I am able to override the UID/GID by adding the --user flag to docker run command or adding it to my compose file. I can still do similar with UWSGI_USER but why use a method that isn't built in?

Also just because I was looking it over, pypicloud-uwsgi.sh should be deleted for both the alpine images since you set a CMD and that script is completely ignored.

I have never used phusion base image or I would submit a PR with the change since I don't know the implications against the init system in the container.

stevearc commented 6 years ago

The reason I added an environment variable instead of using the builtin method is that phusion/baseimage does not support running as a non-root user. See https://github.com/phusion/baseimage-docker/issues/264 for a more in-depth explanation on why that is the case.