Alien2150 opened a new issue #18900: URL: https://github.com/apache/airflow/issues/18900
### Apache Airflow version 2.2.0 (latest released) ### Operating System Debian GNU/ Linux 10 (buster) ### Versions of Apache Airflow Providers _No response_ ### Deployment Other Docker-based deployment ### Deployment details _No response_ ### What happened When I try to build my own images and run a COPY command it fails on 2.2 because the Airflow group is missing: ``` COPY --chown=airflow:airflow src/python/dags ./dags/python/ COPY --chown=airflow:airflow src/python/hooks ./hooks COPY --chown=airflow:airflow src/python/operators ./operators/ COPY --chown=airflow:airflow src/sql/ ./dags/sql/ COPY --chown=airflow:airflow src/python/requirements.txt /tmp/requirements.txt ``` It seems the Dockerfile removed the airflow group on 2.2.0 and now runs as root group? This is not a good security practice. Is there a reason to have airflow running as root? docker run --rm -it apache/airflow:2.2.0-python3.9 bash cat /etc/group: `root:x:0:airflow daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44: sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100: nogroup:x:65534: ssh:x:101:` docker run --rm -it apache/airflow:2.1.4-python3.9 cat /etc/group: ` root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44: sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100: nogroup:x:65534: ssh:x:101: airflow:x:50000:airflow ` ### What you expected to happen _No response_ ### How to reproduce _No response_ ### Anything else _No response_ ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
