Docker /app/gitea/gitea web runs as wrong user #2286
Comments
It runs as git inside the docker that is To confirm you can do We could provide a method to link the uid/gid of the git user inside the docker as the git user of the host at container start-up via ENV. This would need a change to the start-up script. For reference/example, a used gitlab docker image chose not to do it: sameersbn/docker-gitlab#101; others build their own image of gogs with the uid/gid of their host: https://gist.github.com/nrk/64e6d2fa17397204c5b232214c7fbd51 It's not really an issue but we could improve the method.
Just stumbled upon this problem myself and it took me a while to troubleshoot it (admitting I'm a Docker and Gitea rookie). However, I did figure out how to tweak
index a450d20..b374c5a 100755
--- a/docker/usr/bin/entrypoint
+++ b/docker/usr/bin/entrypoint
@@ -1,5 +1,16 @@
#!/bin/sh
+## Change GID for USER?
+if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
+ sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
+ sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
+fi
+
+## Change UID for USER?
+if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
+ sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
+fi
+
for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
mkdir -p ${FOLDER}
done

After rebuilding:

$ make docker

I can launch Gitea with user

$ cid=$(docker run -d --name=gitea -p 10022:22 -p 10080:3000 -v /var/lib/gitea/data:/data -e USER_UID=1001 -e USER_GID=1002 gitea/gitea:latest); echo $cid
06fd8a8c95e6c659c2174819bafffa5e402b2e32f3385b58b221ba7191daad45
$ docker exec -i -t $cid id git
uid=1001(git) gid=1002(git) groups=1002(git),1002(git)
$ ls -ln /var/lib/gitea/data
total 12
drwxr-xr-x 3 1001 1002 4096 Oct 26 21:42 git
drwxr-xr-x 4 1001 1002 4096 Oct 26 21:42 gitea
drwx------ 2 0 0 4096 Oct 26 21:42 ssh

From @sapk's comment, I'm not sure whether this is something Gitea should support or not, but if so, I'm happy to submit a PR. PS. I'm fairly new to Gitea and the Gitea community; sorry if I'm missing something obvious.
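Review bot: both `if` blocks in the entrypoint hunk splice `${USER_GID}` and `${USER_UID}` straight into the sed replacement text that rewrites /etc/passwd and /etc/group, with no check that the values are plain decimal numbers. A value containing `/`, `&` or `:` would break the expression or corrupt the account files, and `USER_UID=0` would quietly turn `${USER}` into a root-equivalent account. Suggest rejecting anything that is not all digits (and 0, unless root is intended) before the first sed, for example `case "${USER_UID}" in ''|*[!0-9]*) exit 1;; esac`. `${USER}` is also unquoted in `id -g ${USER}` and used unescaped as a regex, and the visible lines do not re-own files already created under the old IDs, which is worth confirming in the rest of the script.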
@HenrikBengtsson that is a good solution that is used by other containers. In our case the best solution is to drop the root privileges that are needed to start the ssh server and use the -u option of docker run.
Thanks for the clarification - I think I understand. In the meanwhile, PR #2791 sent.
* Add info from #2286, minor fixes to YAML indentation
* Add space to make YAML valid again
Why does /app/gitea/gitea web run as a different user instead of git?
Default docker configuration, no changes have been made.
docker top ed60eb5133ed
UID PID PPID C STIME TTY TIME CMD
root 2914 2896 0 17:53 ? 00:00:00 /bin/s6-svscan /etc/s6
root 2947 2914 0 17:53 ? 00:00:00 s6-supervise gitea
root 2948 2914 0 17:53 ? 00:00:00 s6-supervise openssh
root 2949 2914 0 17:53 ? 00:00:00 s6-supervise syslogd
root 2950 2948 0 17:53 ? 00:00:00 /usr/sbin/sshd -D
karel 2951 2947 0 17:53 ? 00:00:00 /app/gitea/gitea web
root 2952 2949 0 17:53 ? 00:00:00 /sbin/syslogd -nS -O-
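
As an added illustration (not code from the Gitea project or from anyone in this thread): `docker top` prints user names resolved from the host's passwd database, so a container account appears under whatever name the host gives that numeric UID. The sketch assumes, as constructed sample data, that the container's git account and the host's karel account share UID 1000; the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample data (an assumption, not from the issue): host and
# container keep separate passwd databases that both assign UID 1000.
HOST_PASSWD='root:x:0:0:root:/root:/bin/bash
karel:x:1000:1000:Karel:/home/karel:/bin/bash'
CONTAINER_PASSWD='root:x:0:0:root:/root:/bin/ash
git:x:1000:1000:Git Version Control:/data/git:/bin/bash'

# name_to_uid PASSWD NAME: print the numeric UID for NAME. Numeric input is
# passed through, since ps prints the raw UID when the host has no name for it.
name_to_uid() {
    case "$2" in
        ''|*[!0-9]*)
            printf '%s\n' "$1" | awk -F: -v n="$2" '$1 == n { print $3; exit }' ;;
        *) printf '%s\n' "$2" ;;
    esac
}

# uid_to_name PASSWD UID: print the account name, or the UID if unmapped.
uid_to_name() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '
        $3 == u { print $1; found = 1; exit }
        END     { if (!found) print u }'
}

# relabel: read `docker top` rows on stdin and print, per process, the host
# name, the UID behind it, and the name that UID has inside the container.
relabel() {
    while read -r user pid _rest; do
        if [ "$user" = "UID" ]; then continue; fi   # skip the header row
        uid=$(name_to_uid "$HOST_PASSWD" "$user")
        if [ -z "$uid" ]; then uid="?"; fi          # name unknown on the host
        printf 'host=%s uid=%s container=%s pid=%s\n' \
            "$user" "$uid" "$(uid_to_name "$CONTAINER_PASSWD" "$uid")" "$pid"
    done
}

# Two rows copied from the `docker top` output in the issue.
relabel <<'EOF'
UID PID PPID C STIME TTY TIME CMD
root 2950 2948 0 17:53 ? 00:00:00 /usr/sbin/sshd -D
karel 2951 2947 0 17:53 ? 00:00:00 /app/gitea/gitea web
EOF
```

On a live system the two databases would come from the host's /etc/passwd and the container's /etc/passwd rather than from inline strings.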