Implement "nss_wrapper" for Debian variants

[tianon]

Closes #359

$ docker build 10
...
Successfully built 8808cf28be91

$ mkdir "$HOME/pgtemp"
$ sudo chown 1000:1000 "$HOME/pgtemp"

$ docker run -it --rm --user 1000:1000 -v "$HOME/pgtemp":/var/lib/postgresql/data 8808cf28be91
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

****************************************************
WARNING: No password has been set for the database.
         This will allow anyone with access to the
         Postgres port to access your database. In
         Docker's default configuration, this is
         effectively any other container on the same
         system.

         Use "-e POSTGRES_PASSWORD=password" to set
         it in "docker run".
****************************************************
waiting for server to start....2018-05-24 18:47:31.537 UTC [37] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2018-05-24 18:47:31.560 UTC [38] LOG:  database system was shut down at 2018-05-24 18:47:31 UTC
2018-05-24 18:47:31.565 UTC [37] LOG:  database system is ready to accept connections
 done
server started
ALTER ROLE


/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*

2018-05-24 18:47:31.655 UTC [37] LOG:  received fast shutdown request
waiting for server to shut down....2018-05-24 18:47:31.656 UTC [37] LOG:  aborting any active transactions
2018-05-24 18:47:31.657 UTC [37] LOG:  worker process: logical replication launcher (PID 44) exited with exit code 1
2018-05-24 18:47:31.657 UTC [39] LOG:  shutting down
2018-05-24 18:47:31.671 UTC [37] LOG:  database system is shut down
 done
server stopped

PostgreSQL init process complete; ready for start up.

2018-05-24 18:47:31.781 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2018-05-24 18:47:31.781 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2018-05-24 18:47:31.785 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2018-05-24 18:47:31.810 UTC [55] LOG:  database system was shut down at 2018-05-24 18:47:31 UTC
2018-05-24 18:47:31.815 UTC [1] LOG:  database system is ready to accept connections

[tianon]

So, as long as OpenShift takes care of making sure the user it gives us has permission to the volume it provides, this should be sufficient.

[tianon]

Documentation updated in docker-library/docs#1239

[luckydonald]

But how do I use it now?

[yosifkit]

But how do I use it now?

Just add --user on the docker run for the desired user ID and provide a volume/directory that the said user can write to (and owns):

$ mkdir "$HOME/pgtemp"
$ sudo chown 1000:1000 "$HOME/pgtemp"
$ docker run -it --rm --user 1000:1000 -v "$HOME/pgtemp":/var/lib/postgresql/data -e POSTGRES_PASSWORD=mysecretpassword postgres