...

Users can run JS7 containers for specific user accounts:

Depending on the container management system

  • containers are started from the root account.
    • Containers are not necessarily operated for the root account, but can be configured to switch to an individual account during start-up.
  • containers are started from a non-root account.
    • Containers are operated for the same non-root account.

Ownership of directories and files in JS7 containers is managed

  • by default from the respective Dockerfile that creates the image.
  • at run-time by the respective entrypoint.sh script:
    • The script can switch user account if started from the root account.
    • The script will use the indicated account if started from a non-root account.
  • individually if users create their own Dockerfile, entrypoint.sh script and image, see JS7 - Build Container Images.

Consider changes to the start-up of JS7 containers:

...

  • If containers are operated for the root account then directories and files in exposed volumes are accessible to the root account only.
  • If containers are operated for a specific account then directories and files in exposed volumes are accessible to the given account.

...

  • Users are free to specify any user account for which the container will be operated.
  • On start-up the container will actively assign ownership of relevant directories and files to the specified user account.
  • If a non-root Group ID is specified then group permissions will be mapped to this group.

...

Using Run-time Accounts for Docker

Find examples for user account settings using the Docker run command:

...

Operate container for the root account (not recommended):

    # specify the root account's User ID and Group ID
    docker run --user="0:0"

Operate container for the current user account that is assigned the root group (recommended):

    # specify the current account's User ID and the Group ID of the root account
    docker run --user="$(id -u):$(id -g root)"

Operate container for a specific user account which is assigned the root group:

    # specify the account's User ID and the Group ID of the root account
    docker run --user="100000:0"
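
Before settling on a --user value such as those above, it helps to check which mode bits that User ID and Group ID receive on a host directory that will be exposed as a volume. The script below is an added example, not part of the JS7 documentation or its entrypoint.sh script; the function names and the script name in the usage comment are assumptions, and it ignores supplementary groups and ACLs.

```sh
#!/bin/sh
# Added example: report which permission class applies to a volume directory
# for the UID:GID that will be passed to `docker run --user`.
# Assumptions: GNU or BusyBox `stat -c`; supplementary groups and ACLs ignored.

# perm_bits DIGIT -> rwx string for one octal permission digit
perm_bits() {
  case "$1" in
    0) echo "---" ;; 1) echo "--x" ;; 2) echo "-w-" ;; 3) echo "-wx" ;;
    4) echo "r--" ;; 5) echo "r-x" ;; 6) echo "rw-" ;; 7) echo "rwx" ;;
  esac
}

# volume_access UID GID DIR -> prints "<class>:<bits>"; returns 2 if stat fails
volume_access() {
  uid=$1; gid=$2; dir=$3
  info=$(stat -c '%u:%g:%a' "$dir") || return 2
  o_uid=${info%%:*}; rest=${info#*:}
  o_gid=${rest%%:*}; mode=${rest#*:}
  # %a drops leading zeros ("70" for mode 0070): pad to four digits, then
  # drop the setuid/setgid/sticky digit to keep owner, group, other.
  mode=$(printf '%04d' "$mode"); mode=${mode#?}
  grp=${mode#?}
  if [ "$uid" -eq 0 ]; then
    # UID 0 with Docker's default capabilities is not limited by mode bits
    echo "root:bypass"
  elif [ "$uid" -eq "$o_uid" ]; then
    echo "owner:$(perm_bits "${mode%??}")"
  elif [ "$gid" -eq "$o_gid" ]; then
    echo "group:$(perm_bits "${grp%?}")"
  else
    echo "other:$(perm_bits "${mode#??}")"
  fi
}

# Stand-alone use (constructed path): sh check_volume.sh 100000 0 ./my-volume
if [ "$#" -eq 3 ]; then
  volume_access "$@"
fi
```

A result of "other:---" for the planned account means the container cannot use the directory unless ownership or group permissions are changed first.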

Using Run-time Accounts for Kubernetes, OpenShift

Find examples for user account settings with Kubernetes® and OpenShift® deployment files:

...