potiuk commented on pull request #15162:
URL: https://github.com/apache/airflow/pull/15162#issuecomment-812677042


   > I read that guide in openshift and come to the complete opposite 
conclusion: we should support running as whatever user id the user chooses.
   
   Yeah. I actually fully agree with that statement. And we can do that already 
(our image allows that).
   
   But the guidelines also say (and I follow it) that in order to make it 
possible without additional extra effort, the best way is to also always run 
the image with GID=0 and make your image prepared for that - every folder in 
the image to have GID=0 as primary group and all the access rights synchronized 
so that rights of the owner and rights of the group are the same.
   
   Following this avoids many pitfalls when you think about extendability of 
the image. For example if you build your image FROM: and want to install new 
package, if you will do it as an `airflow` user (because you do not want to 
change it back to root and again back to airflow) with the current approach, it 
will still be "OpenShift-compatible" and work without any more effort.
   
   Which actually made me check something - I am going to update this one a bit 
and add `umask 0002` instead of the default `0022` which will make it truly 
working out-of-the-box for arbitrary user even if the installation of such 
3rd-party package will create a new writeable directory.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
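
The effect of the umask change discussed in the comment can be checked with a small audit of a directory tree. This is an added example, not part of the comment or of the Airflow image: the function names `audit_group_sync` and `simulate_install` and the `plugins/state.db` path are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: verify that group permission bits mirror owner bits, which is
# what lets an arbitrary UID running with GID 0 use files created at build time.

# audit_group_sync DIR [GID]
# Lists every non-symlink path under DIR whose group bits differ from the
# owner bits, or (when GID is given) whose group id is not GID.
# Returns 0 when nothing is found, 1 otherwise. Paths containing newlines
# are not handled.
audit_group_sync() {
    root=$1
    want_gid=${2:-}
    findings=$(find "$root" ! -type l -exec stat -c '%a %g %n' {} + |
        awk -v want="$want_gid" '{
            m = sprintf("%04d", $1)          # pad so 755 and 2775 line up
            path = $0; sub(/^[0-9]+ [0-9]+ /, "", path)
            if (substr(m, 2, 1) != substr(m, 3, 1))
                print "group bits differ from owner: " $1 " " path
            if (want != "" && $2 != want)
                print "gid " $2 " is not " want ": " path
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# simulate_install DIR UMASK
# Stands in for a third-party package install that creates a new directory
# and a file, run under the given umask (constructed sample, not a real package).
simulate_install() {
    ( umask "$2"; mkdir -p "$1/plugins"; : > "$1/plugins/state.db" )
}

# Demo: the same "install" under the default umask and under 0002.
demo=$(mktemp -d)
simulate_install "$demo/umask-0022" 0022
simulate_install "$demo/umask-0002" 0002
for d in "$demo"/umask-*; do
    if audit_group_sync "$d" >/dev/null; then
        echo "$d: group rights match owner rights"
    else
        echo "$d: group rights are narrower than owner rights"
    fi
done
rm -rf "$demo"
```

Passing `0` as the second argument additionally reports any path whose group is not GID 0.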

