You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been working on a proof of concept deployment of mailman 3 using these images and noticed that mailman-web's mailman user id is 100 and its group id is 101. In the mailman-core image the mailman user id is 100 too but the group id is 65533. The inconsistency between the two makes it difficult to have consistent file permissions and ownership in bind mounted data directories for these containers. Additionally, on Ubuntu (Jammy at least) uid 100 appears to belong to the _apt user and gid 101 is the systemd-journal group.
We can theoretically use userns remapping to shift things outside of the container in the bind mounts, but that is more complicated than necessary because the containers differ in their uid:gid settings for the mailman users.
Would it be possible to have the two containers' users match each other? Perhaps also to shift the default uid/gid out of the system ranges to avoid conflicts on the host? Making changes like this in a backward compatible manner is probably difficult, but I wanted to bring them up here in case I was missing something obvious about how to deal with this.
The text was updated successfully, but these errors were encountered:
There is isn't anything special with the uids we pick, it is the default the OS gives us when we create the user. Idk why would one get the 101 and other would get the last uid possible.
You are right that it would probably cause issues with existing deployments if I switch the UIDs or pin a specific uid in the container image, so it might be hard to do. Given that with user ns mapping possibility, you can pick whatever you want (although, i get that it isn't as easy and user ns isn't as widely supported by container tools today).
Tag/version of Container Images
0.4.*
I've been working on a proof of concept deployment of mailman 3 using these images and noticed that mailman-web's mailman user id is
100
and its group id is101
. In the mailman-core image the mailman user id is100
too but the group id is65533
. The inconsistency between the two makes it difficult to have consistent file permissions and ownership in bind mounted data directories for these containers. Additionally, on Ubuntu (Jammy at least) uid100
appears to belong to the_apt
user and gid101
is thesystemd-journal
group.We can theoretically use userns remapping to shift things outside of the container in the bind mounts, but that is more complicated than necessary because the containers differ in their uid:gid settings for the mailman users.
Would it be possible to have the two containers' users match each other? Perhaps also to shift the default uid/gid out of the system ranges to avoid conflicts on the host? Making changes like this in a backward compatible manner is probably difficult, but I wanted to bring them up here in case I was missing something obvious about how to deal with this.
The text was updated successfully, but these errors were encountered: