Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run Zookeeper container with user 'zookeeper' instead of 'root' #561

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Run Zookeeper container with user 'zookeeper' instead of 'root' #561

wants to merge 2 commits into from

Conversation

janhoy
Copy link

@janhoy janhoy commented Jun 28, 2023
edited
Loading

Change log description

Makes Zookeeper container run as user zookeeper instead of as 'root'

Purpose of the change

Fixes #538

What the code does

Changes user in Dockerfile

How to verify it

Build the image and run Zookeeper. Verify that it runs as user zookeeper.

TODO: The zookeeper POD needs fsGroup: 1000 for this to work, so the mounted data PVC with be owned by the zookeeper group.

@codecov
Copy link

codecov bot commented Jun 28, 2023
edited
Loading

Codecov Report

Patch and project coverage have no change.

Comparison is base (9d283c2) 85.12% compared to head (137ed8f) 85.12%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #561   +/-   ##
=======================================
  Coverage   85.12%   85.12%           
=======================================
  Files          12       12           
  Lines        1613     1613           
=======================================
  Hits         1373     1373           
  Misses        155      155           
  Partials       85       85

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

janhoy
janhoy commented Jun 28, 2023
View reviewed changes
docker/Dockerfile
COPY --from=0 /zu/build/libs/zu.jar /opt/libs/

RUN apt-get -q update && \
chmod +x /usr/local/bin/* && \
chown zookeeper:zookeeper /usr/local/bin/* /opt/libs/* && \
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consolidating all commands in the same RUN will save one Docker layer. While it would probably work to keep these files owned by root it is clearer to let the user own them, as is the case for all files in the upstream image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The pravega zookeeper docker image run as root by default
1 participant
@janhoy