[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ...user that is numeric and within the range...



Thank you so much for helping me with this Ben.

So yes I do need to be ROOT to set those permissions.
I tried to use docker command, but I don't know exactly where it ties in with Openshift's registry. That image is in fact from RedHat's private repository and while I can use it from within Openshift it doesn't look like I can "access" it otherwise (I don't have a license for it, I know it's bad but I can't afford to make the changes to my code in order to use e.g. wildfly).

Oh well, I'll try to avoid using this modified container in the first place.

Thanks!

Candide

On 15 Apr 2016, at 17:14, Ben Parees <bparees redhat com> wrote:
docker inspect on the image you're extending will tell you what user it uses.  that's the one you'll want to set as well.  (or just don't set a USER at all if you can avoid it in your dockerfile.  do you actually need to be root to do that chmod 777 ?)

​docker history <image> will also show you all the statements in its dockerfile, so you can find the USER statement that way.


 

On 15 Apr 2016, at 15:49, Ben Parees <bparees redhat com> wrote:



On Fri, Apr 15, 2016 at 9:36 AM, Candide Kemmler <candide intrinsic world> wrote:
I'm confused by the following message that happens during a build:

Build error: image "172.30.122.240:5000/dev/flx-container sha256:2057c3057d1d44eb43065bb04feabb480b19772be2005ede1be87ad4eb21b76a" must specify a user that is numeric and within the range of allowed users

This happens on an image that I have customized from jboss-webserver-3/webserver30-tomcat7-openshift:1.2

My Dockerfile is as follows:

FROM registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2
RUN mkdir /home/jboss/flx
COPY GeoLiteCity.dat /home/jboss/flx/
USER root
RUN chmod 777 /home/jboss/flx/GeoLiteCity.dat


​by default openshift refuses to run s2i builder images that specify a non-numeric user id, and root is particularly bad (because the builder image is going to run as that user).

If you look at our s2i builder images, you'll see they all specify a numeric USER at the end of the dockerfile:

https://github.com/openshift/sti-nodejs/blob/master/0.10/Dockerfile#L40


Note that the assemble script will run as that USER, so you need to ensure you've setup the permissions in the image appropriately. (ie in that example you see we setup permissions for uid 1001).


 


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



-- 
Ben Parees | OpenShift





-- 
Ben Parees | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]