...
Users can run JS7 containers for specific user accounts.
Depending on the container management system
- containers are started from the root account.
  - Containers are not necessarily operated for the root account, but can be configured to switch to an individual account during start-up.
- containers are started from a non-root account.
  - Containers are operated for the same non-root account.
Ownership of directories and files in JS7 containers is managed
- by default from the respective Dockerfile that creates the image.
- at run-time by the respective entrypoint.sh script:
  - The script can switch user account if started from the root account.
  - The script will use the indicated account if started from a non-root account.
- individually if users create their own Dockerfile, entrypoint.sh script and image, see JS7 - Build Container Images.
Consider changes to the start-up of JS7 containers:
...
- If containers are operated for the root account then directories and files in exposed volumes are accessible to the root account only.
- If containers are operated for a specific account then directories and files in exposed volumes are accessible to the given account.
...
- Users are free to specify any user account for which the container will be operated.
- On start-up the container will actively assign ownership of relevant directories and files to the user account specified.
- If a non-root Group ID is specified then group permissions will be mapped to this group.
...
Using Run-time Accounts for Docker
Find examples for user account settings using the Docker run command:
...
    # specify the root account's User ID and Group ID
    docker run --user="0:0"
Using Run-time Accounts for Kubernetes
Find examples for user account settings with Kubernetes® deployment files:
...
- Users are free to specify any user account for which the container will be started and operated. This includes specifying temporary user accounts.
- The user account specified has to be assigned the root group.
- For OpenShift® policies see Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform
Using Run-time Accounts for Docker
Find examples for user account settings using the Docker® run command:
    # specify the current account's User ID and the Group ID of the root account
    docker run --user="$(id -u):$(id -g root)"

    # specify the account's User ID and the Group ID of the root account
    docker run --user="100000:0"
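A non-root User ID combined with Group ID 0, as in the commands above, can only use an exposed volume if the directory behind it grants access to that account or group. The following check is an added example and not part of the JS7 documentation or images; the function name can_write and the scratch directory are assumptions, and it relies on GNU stat on Linux.

```shell
#!/bin/sh
# Added example, not JS7 project code. Assumes Linux with GNU stat.
# Only owner/group/other mode bits are evaluated: ACLs, SELinux labels,
# user-namespace remapping and supplementary groups are not considered.

# can_write "UID:GID" DIR
# Returns 0 if an account given in the numeric form accepted by
# `docker run --user` may create files in DIR, 1 if not,
# 2 if DIR cannot be inspected.
can_write() {
    uid=${1%%:*}
    gid=${1#*:}
    [ "$uid" -eq 0 ] && return 0      # root is not restricted by mode bits
    info=$(stat -c '%u %g %a' "$2" 2>/dev/null) || return 2
    set -- $info                      # $1=owner UID, $2=owner GID, $3=octal mode
    if [ "$uid" -eq "$1" ]; then
        bits=$(( $3 / 100 % 10 ))     # owner digit applies
    elif [ "$gid" -eq "$2" ]; then
        bits=$(( $3 / 10 % 10 ))      # group digit applies
    else
        bits=$(( $3 % 10 ))           # other digit applies
    fi
    # creating files in a directory needs write (2) and search (1)
    [ $(( bits & 3 )) -eq 3 ]
}

# Constructed demo: a scratch directory stands in for a host volume directory.
vol=$(mktemp -d)
chmod 770 "$vol"
vol_uid=$(stat -c '%u' "$vol")
vol_gid=$(stat -c '%g' "$vol")
for account in "0:0" "$((vol_uid + 1)):$vol_gid" "$((vol_uid + 1)):$((vol_gid + 1))"; do
    if can_write "$account" "$vol"; then
        verdict="writable"
    else
        verdict="NOT writable"
    fi
    echo "--user=\"$account\" -> $verdict"
done
rm -rf "$vol"
```

A directory with mode 770 is reachable for a foreign User ID only through the matching Group ID, which is why the group part of the --user value matters as much as the user part.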
Using Run-time Accounts for Kubernetes, OpenShift
Find examples for user account settings with Kubernetes® and OpenShift® deployment files:
...