Allow for custom uid/gid for consul user #136

nferch · 2019-10-14T17:19:43Z

The uid and gid generated in the container build process is likely to conflict with other services and containers, which is operationally inconvenient and could lead to security issues.

Could the container allow for a uid/gid to be passed via an environment variable?

Alternatively, choosing a higher static uid/gid would make it less likely to conflict with another service or container.

otto-dev · 2019-11-02T12:21:54Z

Came here to say this. Also, in some cases the UID needs to be predictable for permission management.

otto-dev · 2019-11-02T17:21:52Z

In the meantime, you can use CONSUL_DISABLE_PERM_MGMT #129 and specify what user the container should run under manually (--user flag)

This workaround means the process is now running as the container's root user, so you are exchanging one concern for another

isaaccarrington · 2020-11-20T00:21:52Z

I'm going to raise a PR. Relates to hashicorp/consul-k8s#347

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow for custom uid/gid for consul user #136

Allow for custom uid/gid for consul user #136

nferch commented Oct 14, 2019

otto-dev commented Nov 2, 2019

otto-dev commented Nov 2, 2019 •

edited

Loading

isaaccarrington commented Nov 20, 2020

Allow for custom uid/gid for consul user #136

Allow for custom uid/gid for consul user #136

Comments

nferch commented Oct 14, 2019

otto-dev commented Nov 2, 2019

otto-dev commented Nov 2, 2019 • edited Loading

isaaccarrington commented Nov 20, 2020

otto-dev commented Nov 2, 2019 •

edited

Loading