Docker: UID 1000 owns ipfs process - undesired results on host systems already using UID 1000 #9117
Open
Labels
kind/bug
A bug in existing code (including security flaws)
need/triage
Needs initial labeling and prioritization
Checklist
Installation method
built from source
Version
Config
Docker latest
Description
I am running in Docker, and this line in the Dockerfile forces the ipfs command process to run as UID 1000, which on host systems already allocating this UID produces the undesired effect of running the ipfs process as owned by an unrelated user name:
My host system has an ipfs user configured as UID 1004 (owner of the ipfs data volume), and editing this line to its UID correctly spawns the ipfs process owned by the ipfs user:
The issue is obvious: statically setting this UID is problematic. I've been trying to find a way around it but have not come up with a working solution. Would increasing the UID to something like 1099 make more sense to avoid this type of user issue?
Or would it be possible to tell Dockerfile that if a local ipfs user exists on the host system to then adopt their UID? I've tried things like this to no avail because it's checking for that user in the container and not the host system:
Possibly using an ENV variable in the Dockerfile, or alternatively an argument passed via the docker run command? Any leads? TIA
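The UID selection the post asks about, sketched as an entrypoint helper (an added example, not part of the original issue and not the project's code). `IPFS_UID`, `DEFAULT_UID`, the `/data/ipfs` path and the function names are hypothetical; the helper relies on a bind-mounted data directory keeping the host's numeric owner inside the container, even though the host's user names are not visible there.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. Names are hypothetical;
# 1000 is the UID the issue reports as hardcoded in the image.
DEFAULT_UID=1000

# is_uid VALUE: succeed only for a plain non-negative decimal integer.
is_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# dir_owner_uid DIR: print the numeric owner of DIR (empty if unreadable).
# "ls -n" prints numeric IDs, so no passwd lookup inside the container.
dir_owner_uid() {
    ls -ldn "$1/." 2>/dev/null | awk '{print $3}'
}

# resolve_uid DATA_DIR [REQUESTED_UID]
# Precedence: explicit request > owner of the data dir > DEFAULT_UID.
# Prints the chosen UID; returns 1 if the request is not a valid UID.
resolve_uid() {
    data_dir=$1
    requested=${2:-}
    if [ -n "$requested" ]; then
        if ! is_uid "$requested"; then
            echo "invalid UID: $requested" >&2
            return 1
        fi
        echo "$requested"   # honoured as given, including 0
        return 0
    fi
    owner=$(dir_owner_uid "$data_dir") || owner=""
    # A root-owned or missing volume must not silently select root.
    if is_uid "$owner" && [ "$owner" -ne 0 ]; then
        echo "$owner"
    else
        echo "$DEFAULT_UID"
    fi
}

# Constructed usage inside an entrypoint that starts as root:
#   run_uid=$(resolve_uid /data/ipfs "${IPFS_UID:-}") || exit 1
#   ...then drop privileges to "$run_uid" before starting the daemon.
```

Docker's own `--user` option on `docker run` sets the process UID without changing the image, provided the image's entrypoint and file ownership tolerate running as that UID.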