cloudcontrol icon indicating copy to clipboard operation
cloudcontrol copied to clipboard
verified publisher icon dodevops

Let user set UID used inside cloudcontrol container

Open timdeluxe opened this issue 1 year ago • 5 comments

When started, cloudcontrol runs with UID 1000 (or sometimes 1001, depending on the flavor). On MacOS that is no problem, because Docker Desktop seems to translate that well enough, however on Linux this causes problems, if f.e. terraform wants to create files in the mounted "repo" folder, which is owned by the UID of the desktop user the user works with and therefore terraform does not work correctly, since it can't create files.

Chowning the repo files to 1000 (or 1001) is very ugly and problematic and also world-write is problematic, so the cloud control container should rather work with the same UID the desktop user uses.

The user should be able to set it and the the container should run with that UID.

timdeluxe avatar Aug 21 '24 07:08 timdeluxe

Hmm.. Good question how to achieve that. The cloudcontrol user is created during the build, so it can't really change the user id afterwards... 🤔

How about setting user in the docker-compose file? Does that work?

dploeger avatar Aug 21 '24 08:08 dploeger

Thomas D. tried it:

Attaching to cli-1
cli-1  | 2024/09/03 07:31:37 Setting bash as default shell
cli-1  | ./ccc: open /home/cloudcontrol/.shell: permission denied
cli-1 exited with code 1

Can't we set the container to run with root and chown and su to the right user with the entrypoint script?

timdeluxe avatar Sep 03 '24 07:09 timdeluxe

Then the container would basically run as root, which is discouraged usually. I would only use it as a last resort. There has to be some other way.

dploeger avatar Sep 03 '24 07:09 dploeger

Some sudo stuff maybe?

timdeluxe avatar Sep 03 '24 09:09 timdeluxe

That might be an idea.

dploeger avatar Sep 03 '24 09:09 dploeger