Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

D1Indexer needs to run as non-root user #46

Closed
taojing2002 opened this issue Jan 31, 2023 · 2 comments
Closed

D1Indexer needs to run as non-root user #46

taojing2002 opened this issue Jan 31, 2023 · 2 comments
Assignees
@taojing2002
Milestone
3.0.0

Comments

@taojing2002
Copy link
Collaborator

Currently the d1indexer process is running as the root user in the pods. @vchendrix, @mamelara from ESS-DIVE suggest it should run as a non-root user:

Reasons

  • Need to bind mount node directory
  • Cannot execute ./entrypoint.sh of d1indexer
  • Need to load /etc/passwd at a minimum with UID and GID of needed user

We may run it as the user d1indexer.
@taojing2002 taojing2002 self-assigned this Jan 31, 2023
@taojing2002 taojing2002 added this to the 3.0.0 milestone Jan 31, 2023
@vchendrix
Copy link

@taojing2002 This descriptions captures the requirements.

taojing2002 added a commit that referenced this issue Feb 2, 2023
@taojing2002
The user d1indexer rather than root to run the container.
4b096f7 
#46
@taojing2002
Copy link
Collaborator Author

The work is done. But there is an issue - we should make sure the files which are generated by the Metacat host in the /var/metacat should be readable by the user d1indexer in the d1indexer pods. If it works fine to @vchendrix , I will close the bug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@taojing2002 taojing2002

Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

No branches or pull requests
2 participants
@vchendrix @taojing2002