-
Notifications
You must be signed in to change notification settings - Fork 296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support none root deployment #3000
base: main
Are you sure you want to change the base?
Support none root deployment #3000
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3000 +/- ##
==========================================
- Coverage 51.45% 51.41% -0.05%
==========================================
Files 162 162
Lines 22171 22147 -24
==========================================
- Hits 11408 11386 -22
+ Misses 10105 10103 -2
Partials 658 658
Flags with carried forward coverage won't be shown. Click here to find out more.
|
10e9e32
to
0bd9ed0
Compare
@@ -29,11 +29,28 @@ RUN if [ "$(uname -m)" = "ppc64le" ]; then \ | |||
|
|||
FROM ${BASE_IMAGE} | |||
|
|||
ARG USER_NAME=dragonfly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the default user should be root, please do not to break compatibility with previous versions of dragonfly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the code only adds the none root user and group, the default user is still root.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not change the default root user using command.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not change the default root user using command.
If I understand correctly
- the default user when running container is still root and we can use the dragonfly user by adding user argument
- the binary would belongs to dragonfly/dragonfly can it can still work within root user.
build/images/base/Dockerfile
Outdated
ARG USER_UID=1000 | ||
ARG GROUP_NAME=dragonfly | ||
ARG GROUP_GID=1000 | ||
RUN groupadd -g $GROUP_GID $GROUP_NAME && useradd -u $USER_UID -g $GROUP_GID -m -s /bin/bash $USER_NAME |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove blank line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
0bd9ed0
to
8e26328
Compare
@@ -29,11 +29,28 @@ RUN if [ "$(uname -m)" = "ppc64le" ]; then \ | |||
|
|||
FROM ${BASE_IMAGE} | |||
|
|||
ARG USER_NAME=dragonfly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not change the default root user using command.
8e26328
to
de37a1b
Compare
@gaius-qi updated as comments |
Signed-off-by: TommyLike <[email protected]>
de37a1b
to
cc02ac6
Compare
Description
Support build and deploy dragonfly within none root user.
Related Issue
Motivation and Context
For security concern, it's better to have process running within none root user.
Screenshots (if appropriate)
Not fully understand the whole picture of draognfly and within this update the seed peer will take several minutes to become ready
Status after 10 minutes of docker compose, the seed peer finally turns into ready.
Types of changes
Checklist