GOSU fails to switch when provided user_id is larger than 65536?!! #85
Comments
Samahu
changed the title
|
I'm not able to reproduce without rootless: / # gosu 2147483647:2147483647 id
uid=2147483647 gid=2147483647I'm guessing the third field in your user's |
|
Indeed, the third field of |
|
I increased the value of third field to 15665550 but now docker won't start. I don't fully understand how to pick the range for the user name space such that it would work with rootless docker and still work gosu, does anyone have an idea? Note that the value of :100000:65536 is not something that I came up with but rather it is what the rootless docker installation script emits: https://github.com/moby/moby/blob/master/contrib/dockerd-rootless-setuptool.sh Thanks! |
|
I got some feedback from docker maintainers, hinting at editing I don't understand how you were able to run We use strictly controlled machines and any adjustments to be made to system files require a privileged user intervention. So I'd rather understand the issue before I open a ticket. Thanks! |
I don't think that increasing SUB_UID_COUNT to 15665550 is a good approach. If I understood correctly this controls the number of sub user ids assigned to each user on the system. |
|
Yeah, that makes sense, but I'm not sure I understand how/why it's related to (In other words, I'd suggest further discussion should probably go to a dedicated support forum, such as the Docker Community Forums, the Docker Community Slack, or Stack Overflow, since there doesn't appear to be anything here |
|
(I'm able to run the commands successfully because I'm not running rootless.) |
|
I don't have a working solution to this issue but going to close it anyway for now. If you or anyone got to try out gosu with rootless docker mode please update this ticket. |
I am using gosu within a docker container that is going to be run within a rootless docker mode. The rootless mode is required.
I am trying to use
gosuwhen launching the container to maintain the file permissions and ownership to the host user for files generated during a docker session.The problem is whenever I try to invoke gosu to switch to the newly added user within docker (that matches the host user), I get the following errro:
error: failed switching to "some_user": invalid argumentI looked around and found that this might the most related issue: #64
However, when I try what was the developer who asked the question struggling with, I didn't have a problem executing the command:
gosu 1000 id # or gosu 1000:1000 idThat being the case I did several tests and found out that there seems to be an upper limit on the user id that
gosuaccepts:$ gosu 65536 id uid=65536 gid=0(root) groups=0(root) $ gosu 65537 id error: failed switching to "65537": invalid argumentUnfortunately, my user id has a value larger than 65536.
Can some one explain why is this a problem and whether there is a way around this limitation.
$ gosu --version gosu version: 1.10 (go1.10.4 on linux/amd64; gc) license: GPL-3 (full text at https://github.com/tianon/gosu)The text was updated successfully, but these errors were encountered: