Add chown flag. #97
Add chown flag. #97
Conversation
k8s-ci-robot
added
the
size/S
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: no
|
CLA check. |
|
Any news on this flag addition? Think being able to set group:user would be very useful. |
|
Why not simply run it as the user/group you want? |
|
Well, I just tried this addition: just to test and see if it would become laradock/docker if that is what you meant? And yes, it seems to now store as user and group 1000. So later on I could use a www-data group uid and gui as well. |
|
git-sync is designed to run as any user you want. It does not need any
special privileges, and chooses a non-root UID by default. So yeah,
setting runAsUser/Group should be enough. If you want to use git over SSH
you may also need to specify --add-user (which writes the UID to
/etc/passwd to make ssh happy).
…On Mon, Dec 21, 2020 at 10:46 PM Jasper Frumau ***@***.***> wrote:
Well, I just tried this addition:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
just to test and see if it would become laradock/docker if that is what
you meant? And yes, it seems to now store as user and group 1000. So later
on I could use a www-data group uid and gui as well.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#97 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVHOJTZMLB2ZV2AJ6RTSWA6DNANCNFSM4FFSE3NA>
.
|
|
@thockin can you please let me know where I am going wrong. I am not able to set the UID and GID of files properly Even setting the I am only able to set the group permission as 5000 and not able to provide UID for the checked-out file. Inside the container Can you please tell me how can I set the UID(1000) and GID(1001) for the checked-out files? |
|
The default $HOME is /tmp: The default git-root for git-sync is /tmp/git: Your log suggests that the root is being changed: Specifically: "path"="//git" |
|
I am facing this issue only when I add I want to change the UID of the checked-out files. GID and permission I am able to change via
|
|
After I changed the GIT_SYNC_ROOT to say(/workspace) it worked like charm. Now, I can see my files cloned with UID: 1001, GID:5000, and expected permissions. |
|
Ahh, this is because 1001 does not exist in /etc/passwd, so is getting "/"
as $HOME. Setting the git-root is the right answer and will be required in
later versions of git-sync.
…On Tue, Mar 16, 2021 at 5:42 AM Shubham Choudhary ***@***.***> wrote:
*After I changed the GIT_SYNC_ROOT to say(/workspace) it worked like
charm.*
Now, I can see my files cloned with UID: 1001, GID:5000, and expected
permissions.
apiVersion: apps/v1
kind: Deployment
metadata:
name: poc
spec:
selector:
matchLabels:
app: poc
replicas: 1
template:
metadata:
labels:
app: poc
spec:
securityContext:
runAsUser: 1001
fsGroup: 5000
containers:
- name: busybox
image: busybox
volumeMounts:
- name: buildproperties
mountPath: /etc/data
subPath: data
stdin: true
initContainers:
- name: git-sync
image: k8s.gcr.io/git-sync/git-sync:v3.2.2
volumeMounts:
- name: buildproperties
mountPath: "/workspace"
- name: ssh-key
mountPath: /etc/git-secret/
readOnly: true
env:
- name: GIT_SYNC_SSH
value: "true"
- name: GIT_KNOWN_HOSTS
value: "false"
- name: GIT_SYNC_REPO
value: ***@***.***:XXX/YYY.git
- name: GIT_SYNC_BRANCH
value: "master"
- name: GIT_SYNC_DEST
value: "data"
- name: GIT_SYNC_ONE_TIME
value: "true"
- name: GIT_SYNC_PERMISSIONS
value: "0777"
- name: GIT_SYNC_ADD_USER
value: "true"
- name: GIT_SYNC_ROOT
value: "/workspace"
volumes:
- name: buildproperties
emptyDir: {}
- name: ssh-key
secret:
secretName: bitbucket-ssh-key
defaultMode: 0400
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#97 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVASAED3UNLXODHFKR3TD5G4PANCNFSM4FFSE3NA>
.
|
|
Is it documented somewhere? I was not able to find it. If you want I can send a PR to add this note at the bottom of https://github.com/kubernetes/git-sync/blob/release-3.x/docs/ssh.md#step-3-configure-git-sync-container. |
|
That would be great!
…On Tue, Mar 16, 2021 at 11:03 AM Shubham Choudhary ***@***.***> wrote:
Is it documented somewhere? I was not able to find it.
If you want I can send a PR to add this note at the bottom of
https://github.com/kubernetes/git-sync/blob/release-3.x/docs/ssh.md#step-3-configure-git-sync-container
.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#97 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVHFJCEB3SEAVSJNW5TTD6MOVANCNFSM4FFSE3NA>
.
|
|
But while using GIT_SYNC_PERMISSIONS, argument, as "0755" I am getting this below error. When I don't pass GIT_SYNC_PERMISSIONS I can manually go inside the application container and run |
|
Hi, Can you please break this permissions issue report into a new issue with the smallest repro possible? |
* Add GIT_SYNC_ROOT change for non-root user in docs/ssh https://github.com/kubernetes/git-sync/pull/97\#issuecomment-800606819 * linewrap * minor * Add GIT_SYNC_ROOT change for non-root user in docs/ssh https://github.com/kubernetes/git-sync/pull/97\#issuecomment-800606819 * linewrap * minor * minor
5 participants
Hiya,
Thank you for git-sync. It's pretty awesome! I just signed the CLA. Can we add a chown flag please?