Set UID and GID for github generated docker images#509
Set UID and GID for github generated docker images#509cmickeyb merged 1 commit intohyperledger-labs:mainfrom
Conversation
Explicitly set the user and group ids for images that will be pushed ghcr by the docker workflow. This makes it easier to manage permissions of the xfer directory when using images from the registry. Signed-off-by: Mic Bowman <mic.bowman@intel.com>
| # file management with pulled images. Specifically, the | ||
| # following will make the xfer directory writeable by the | ||
| # images: | ||
| # sudo chown -R 55172:55172 $PDO_SOURCE_ROOT/docker/xfer |
There was a problem hiding this comment.
hmm, isn't just changing group (chgrp -R pdo_group $PDO_SOURCE_ROOT/docker/xfer) the only thing you need (and if you are in that group wouldn't need sudo)?
But you also would have to make sure it is group writeable Unfortunately it doesn't seem there is an easy way to define a specific umask for both build and run. Probably easiest just do chmod -R g+w at end? Or could pre-set sticky bits on the directory come to the rescue? as long as we do not create new directories during build (as currently), not having group-write on the created files is actually at least as far as make clean goes. The only case i could somewhat see as problematic is if user has umask 077 and you want to read files? But then i guess nowadays this umask is not very common and probably the scenario neither ...
Also the actual user running should be in that new group? (i.e., you might also want to add the convenience comments on the sudo groupadd pdo_group and sudo usermod $(USER) -a -G pdo_group?)
Also, why not even add a make command to do these changes? And i guess there should ideally also be a docu-update?
|
FYI: could get it working as follows: |
2 participants
Explicitly set the user and group ids for images that will be pushed ghcr by the docker workflow. This makes it easier to manage permissions of the xfer directory when using images from the registry.