vespa-engine / vespa

AI + Data, online. https://vespa.ai
Apache License 2.0

Change the ownership of /opt/vespa to a non root (uid:0) user from the published Dockerfile #17865

Open nehajatav opened 3 years ago

nehajatav commented 3 years ago

Just wanted to check if there's a possibility to change the ownership of /opt/vespa to a non root (uid:0) user from the published Dockerfile.

Background: In our firm, our hosted k8s doesn't allow running as privileged user. To work around this, we have to create a new docker image which changes ownership of all folders to non-root user. However, we have restrictions on running commands as root while publishing new Docker image, and it would be very helpful if the published docker image itself took care of using non-root user like vespa.

aressem commented 3 years ago

@nehajatav I will look into this, but please note that this got a later priority. Can you share the Dockerfile you have created with me to get a better understanding of your request?

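test-forum commented 3 years ago

```dockerfile
FROM <docker site>/vespa:latest

# Requires root: recursively hands /bin, /opt and /usr to the vespa user
# (this line was emphasized in the original comment)
RUN chown -R vespa:vespa /bin /opt /usr
USER vespa

RUN chmod -R 755 /opt && \
    chmod -R 755 /usr && \
    chmod -R 755 /bin

ENTRYPOINT ["<entry script>"]
```

aressem commented 3 years ago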

I will look into changing the owner under /opt/vespa, but the rest of this is not ours and we will not change owners or permissions.