Skip to content
This repository has been archived by the owner on Sep 7, 2023. It is now read-only.

Allow for custom uid/gid for consul user #136

Open
nferch opened this issue Oct 14, 2019 · 3 comments
Open

Allow for custom uid/gid for consul user #136

nferch opened this issue Oct 14, 2019 · 3 comments

Comments

@nferch
Copy link

nferch commented Oct 14, 2019

The uid and gid generated in the container build process is likely to conflict with other services and containers, which is operationally inconvenient and could lead to security issues.

Could the container allow for a uid/gid to be passed via an environment variable?

Alternatively, choosing a higher static uid/gid would make it less likely to conflict with another service or container.

@otto-dev
Copy link

otto-dev commented Nov 2, 2019

Came here to say this. Also, in some cases the UID needs to be predictable for permission management.

@otto-dev
Copy link

otto-dev commented Nov 2, 2019

In the meantime, you can use CONSUL_DISABLE_PERM_MGMT #129 and specify what user the container should run under manually (--user flag)

This workaround means the process is now running as the container's root user, so you are exchanging one concern for another

@isaaccarrington
Copy link

I'm going to raise a PR. Relates to hashicorp/consul-k8s#347

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants