theAkito
commented
2 years ago @agebhar1
Thanks for the help. 🙂
Not sure if I understand correctly.
Do you mean something like this:
[Oracle][oracle]So, I would need to do this:
[Akito][theAkito]?
Closed theAkito closed 2 years ago
theAkito
commented
2 years ago @agebhar1
Thanks for the help. 🙂
Not sure if I understand correctly.
Do you mean something like this:
[Oracle][oracle]So, I would need to do this:
[Akito][theAkito]?
agebhar1
commented
2 years ago @theAkito
[Akito][theAkito]exactly :+1: So, the URI exists only once. theAkito is then on the bottom of the file, like others with more than one occurence.
theAkito
commented
2 years ago @agebhar1
I'm still missing something, apparently...
agebhar1
commented
2 years ago No worries, add the line to the bottom of the the file (README.md):
[Akito]: https://github.com/theAkito@agebhar1
I've added the reference and changed both entries.
Reference
[Akito][Akito]Target
[Akito]: https://github.com/theAkitoThanks @theAkito :+1:
What
userdefdoesThis tool is a more advanced
adduser/useraddfor your Alpine and BusyBox based Docker images.For example, this tool may create a custom OS user with a custom ID inside pre-made Docker images, which perhaps already have a custom user defined and rebuilding the Docker image just to have your custom user in it is not an option.
https://github.com/theAkito/userdef#what
Why
userdefexistsReason 1
Now, more and more server apps try to go with the current meta of being available on Kubernetes, etc. This is a good idea, however it's often not well executed. Almost all of the popular server apps are not cloud-native. Their structure is still of some legacy kind. Examples are Mattermost, Gitea, Nextcloud. These server apps have Helm Charts available. However, applying best practices, especially the ones regarding security are not easy to achieve. Especially, when talking about the
podSecurityContext. ThefsGroupoption is either not respected properly, which leads to broken deployments, or it's not even available and you have to add it yourself to the Helm Chart.For example, take the Gitea Helm Chart as an example. You are allowed to set the
podSecurityContext: https://gitea.com/gitea/helm-chart/src/commit/d94226765d6e1f197a3112e1b1abbcd73a8bea33/values.yaml#L19-L20But, if you provide your custom
fsGroupvalue, then the deployment will be broken. Why? https://github.com/go-gitea/gitea/blob/66f2210feca0b50d305a46a203c2b3d2f4d3790b/Dockerfile.rootless#L39-L48Because the user and group ID of
1000is hard-coded into the Docker image.Now, imagine you have an
sshfsmount, which requires you using the user of the ID9234. The hard-coded1000inside the image breaks usage of thissshfsmount, just because it does not let you define a custom user with a custom ID.To make all this work more smoothly, this tool aims to delete the existing user in that Docker image and then recreate it with your custom user, which has an ID defined by you, instead of being forced to use the randomly chosen hard-coded user ID.
Reason 2
You may just as well use this tool as a better
adduserwhere the actualadduseroruseradd(like the one in Alpine) have arbitrary and unnecessary restrictions, like for example limiting the UID/GID size to 256000.https://github.com/theAkito/userdef#why