kerberos-io
No variables PUID and PGID
Seems as if agents are forced to run as '100:101' in container. Not nice. Would be nicer if what now appears to be a standard is used.
environment:
PUID=1005 # User
PGID=102 # Group
othervars=....
This will also allow for required user access outside the container without requiring root. Forgive me if there is already a way to do this.
Thanks you are making a valid point. For the moment we are creating a new user (without root privileges) inside the container. https://github.com/kerberos-io/agent/blob/master/Dockerfile#L96-L99
We might need to change this to allow host user access. Will need to be researched and documented. Thank you for your insights! ;)
Yes please add PUID and GID variables. I recently moved my agent docker container to openmediavault but I think it's failing to record events due to permissions problems and normally this is fixed by having the user/group ID configurable via variables (see also linuxserver's docker containers)
Would this be sufficient (https://docs.linuxserver.io/general/understanding-puid-and-pgid). It mentions:
We are aware that recent versions of the Docker engine have introduced the --user flag. Our images are not yet compatible with this, so we recommend continuing usage of PUID and PGID.
Would this work as well? https://docs.docker.com/engine/reference/run/#user
Currently we create our own user within the agent, and set it as the user: https://github.com/kerberos-io/agent/blob/master/Dockerfile#L134
I believe this could be bypassed as follow:
docker run -p 80:80 --name mycamera --user=uid:gid -d --restart=always kerberos/agent:latest
Just came across this issue, for K8S if I set runAsNonRoot: true, I will also need to set runAsUser: <uid>. @cedricve From the dockerfile I can see there is an non-root user, but there seems not to be an uid set for the user? A static UID would be nice and easier for config
