> On 10 Jan 2022, at 17:52, Steve F <steve.falzon@outlook.com> wrote:
>
> Hello!
>
> Currently dscontainer will start, configure and run ds-389 as a root user. I am wondering if there is support to run as a non-root user?
>
> It is as simple as chown'ing the files to a non privileged user, updating nsslapd-localuser to the correct user, then running dscontainer -r as the unprivileged user?
There is support for it! It appears that recently it broke though so I'm currently looking into it.
The main issue is passing through the usernames from the host to the container. For example, if you do "docker -u dirsrv:dirsrv ..." then the "dirsrv" user in the container needs to exist and have matching uid/gid. But that's not something we can fix or influence sadly, that's something that the operator needs to resolve.
The currently broken functionality is using bare uid/gid, which is how systems like k8s do it, and it appears we have a regression there. I'm looking at it in the next few days and we'll go from there.
If you have any other container questions or issues, please let us know so we can resolve them!
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment