Hi Nils,
Thanks for the reply. Yes, I understand your concern.
Looking for a backward-compatible solution, I'm thinking of a compromise:
what about changing to an unprivileged user at the entrypoint stage?
This is less clean than doing it in the Dockerfile, but gives more
flexibility, including the possibility to change ownership on the
existing volumes.
I made a PR based on this scenario:
https://github.com/geoserver/docker/pull/97/files
Best
Jean
*Jean Pommier -- pi-Geosolutions*
Engineer, independent consultant
Tel.: (+33) 6 09 23 21 36
E-mail : j...@pi-geosolutions.fr
Web : www.pi-geosolutions.fr <http://www.pi-geosolutions.fr>
linkedin : jean-pommier <https://www.linkedin.com/in/jean-pommier/>
On 10/09/2024 at 13:57, Nils Bühner wrote:
Hi Jean,
yes, I guess you are right that currently there is no mechanism to do
this and as there is no strong reason to not have it, it would be
great to bring the Dockerfile forward here.
What comes to my mind in this context: Such changes could lead to
incompatibilities/problems with the ownership on data (i.e. existing
geoserver data dirs), but I'd be really happy to find a backward
compatible solution.
So feel free to open a PR with such changes. We can discuss it then on
github.
Best regards
Nils
On 9/10/24 09:36, Jean Pommier wrote:
Hi,
From what I can see in
https://github.com/geoserver/docker/blob/master/Dockerfile, there is
no mechanism in place in the geoserver docker image to support
running it as non-privileged user.
Is there a strong reason why not? It is usually considered good
practice not to run Docker containers as root, if it can be
prevented.
The geOrchestra geoserver image, for instance, runs as uid 999. But
it is not using tomcat (uses jetty), which might change the context
a bit. I am no expert on tomcat, but I believe this should not be too
complicated to set up.
I'd gladly spend some time working on the feature, if you see no
objection to it and think it would be of interest.
Best
Jean
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
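
The entrypoint-stage privilege drop proposed in this thread, sketched as an added example; it is not code from the messages above, the linked PR or the GeoServer image. `RUN_UID`, `RUN_GID`, the default data directory path and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: start as root, fix ownership of an existing data
# volume once, then re-execute the server command as an unprivileged user.
set -eu

RUN_UID="${RUN_UID:-999}"      # assumed variable; 999 is the uid cited in the thread
RUN_GID="${RUN_GID:-999}"      # assumed variable
DATA_DIR="${GEOSERVER_DATA_DIR:-/opt/geoserver_data}"   # assumed default path

# Succeeds when the directory is not already owned by uid:gid.
needs_chown() {   # needs_chown <dir> <uid> <gid>
    [ "$(stat -c '%u:%g' "$1")" != "$2:$3" ]
}

# Prints the action to take: plan <current_uid> <dir> <uid> <gid>
plan() {
    if [ "$1" -ne 0 ]; then
        echo "run-as-is"          # already unprivileged, e.g. docker run --user
    elif needs_chown "$2" "$3" "$4"; then
        echo "chown-then-drop"    # volume created by an older, root-run container
    else
        echo "drop"
    fi
}

entrypoint() {
    case "$(plan "$(id -u)" "$DATA_DIR" "$RUN_UID" "$RUN_GID")" in
        run-as-is)
            exec "$@" ;;
        chown-then-drop)
            # -h changes symlinks themselves, never the files they point to
            chown -Rh "$RUN_UID:$RUN_GID" "$DATA_DIR" ;;
    esac
    # setpriv (util-linux) replaces this process, so no root parent remains
    exec setpriv --reuid "$RUN_UID" --regid "$RUN_GID" --clear-groups "$@"
}

# Act only when invoked with a command, as Docker does with CMD.
[ "$#" -eq 0 ] || entrypoint "$@"
```

Because the ownership check looks only at the top of the data directory, the recursive `chown` runs once on a volume left by a root-run container and is skipped on later starts.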