-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
option to prevent --userns=keep-id from setting the value of --workdir option as the HOME #13185
Comments
This seems like it could be a bug? The home directory of the created user should be set to the same directory at the user on the host, from my understanding - workdir should be separate from homedir. @rhatdan @giuseppe Am I wrong here? I don't see anything regarding this in the keep-id documentation, so I don't see any indication this was deliberate. |
I see you are using both I am not sure we should allow this combination. What is your expectation when you specify both |
@giuseppe I think this is required for images that have some special entrypoint which expects to be run as root to chown directories etc... and then switches to the user so it is very useful to run |
Yes I see this as a legitimate use case. I do find it strange that --userns=keep-id would change the behavior. |
@giuseppe: If I didn't specify the
Note that the
but the running user's ID still 1000:1000. Also note that the HOME env variable is |
the behavior AFAICS, doesn't depend on
What you are looking for, IIUC, is a way to customize the entry for IMO, if we want to allow customizing the entry, it should be in a more generic way, something like |
Yes that would be the best way, then allow users to enter free form text. |
@giuseppe: you are correct. My use-case would then look like this using your suggestion:
But there is potential that the user will screw up the value they pass to
|
I am fine with something like was suggested above Now it must be implemented :) Are you interested in opening a PR? Otherwise I can take a look |
If we decide for |
I've played a bit with it and got with: https://github.com/giuseppe/libpod/tree/passwd-entry You can write something like:
What do you think about it? Would it work for you? |
Hi @giuseppe, that would definitely work. |
SGTM --passwd-entry and --group-entry. |
I am not sure we need |
opened a PR: #13616 |
@giuseppe: is there something holding back the merging of the PR? |
It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: containers#13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Thank you @giuseppe! Can't wait to start using this feature. Any idea which version/release this feature will come out in? |
I think the first version where the new feature will be included is 4.1 |
RC1 of podman 4.1 is supposed to be released next week. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
The
-w/--workdir
options seems to have a dual purpose. The option is described as "Working directory inside the container" and that works fine. However in the case that we are specifying the--userns=keep-id
where the UID of the user running podman doesn't exist in the container, a user is created in/etc/passwd
and the user home is set to the value of-w/--workdir
. Without specifying the-w/--workdir
, the behavior seems to be to reuse the image'sWORKDIR
value as the new user's home in/etc/passwd
. There is a use case where we want the working directory (-w/--workdir) of the container to be in any arbitrary directory (e.g./tmp/my/work/directory
) but have the user's home directory preserved from the original value in the image. I'm not sure if I missed something in the documentation or if this is a feature request.Steps to reproduce the issue:
-w/--workdir
option:Note that the running user in the container has a $HOME of
/home/rootless_user
.-w/--workdir
option:Describe the results you received:
In step number #5 above, we see that the
/etc/passwd
entry for the new user has a home directory set to the value of the-w/--workingdir
option I passed in and is verified by echoing the HOME env variable. In step #4 where no-w/--workingdir
option was passed, the/etc/passwd
entry for the new user has a home directory set to/home/rootless_user
which was the value ofWORKDIR
in the Dockerfile and is verified by echoing the HOME env variable.Describe the results you expected:
I'm assuming these results are all expected and so I'm guessing that what I'm looking for is a new feature (e.g. for lack of a better name
--preserve-original-workdir
) such that using that option like this:would result in the following:
Note that
HOME
is/home/rootless_user
and the entry in/etc/passwd
verifies that. Also, thePWD
of the process is correctly in the value I passed to-w/--workdir
.Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
All commands were run from a Vagrant box on MacOS:
The text was updated successfully, but these errors were encountered: