Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Files ownership issue when host user has no user group #123

Open
miellaby opened this issue Feb 6, 2024 · 1 comment
Open

Files ownership issue when host user has no user group #123

miellaby opened this issue Feb 6, 2024 · 1 comment

Comments

@miellaby
Copy link

miellaby commented Feb 6, 2024

  • Context: Using cqfd from a host user (jenkins) who has no user group. For example, on our server, jenkins belongs to the docker group only (which is its primary group).

  • Expected: commands run by cqfd inherits the credentials/ownership of the host user. Especially files generated by cqfd encapsulated commands have the same user and group than the files generated without cqfd. In our case, generated files should be owned by jenkins:docker (user jenkings group docker).

  • Observed: files generated within cqfd are owned by jenkins:jenkins instead of jenkins:docker

Correction proposal (TBC): In make_launch() bash function, useradd should be called with the --no-user-group option to make the docker user consistent with the host user (that is with the same primary group).
@miellaby miellaby changed the title Issue if user has no user-group Files ownership issue if host user has no user group Feb 6, 2024
@miellaby miellaby changed the title Files ownership issue if host user has no user group Files ownership issue when host user has no user group Feb 6, 2024
joufella pushed a commit that referenced this issue Feb 25, 2024
@joufellasfl
create container user with no user group
05ad21c 
This issue was reported in #123, where @miellaby wrote:

> Context: Using cqfd from a host user (jenkins) who has no user
> group. For example, on our server, jenkins belongs to the docker group
> only (which is its primary group).
>
> Expected: commands run by cqfd inherits the credentials/ownership of
> the host user. Especially files generated by cqfd encapsulated
> commands have the same user and group than the files generated without
> cqfd. In our case, generated files should be owned by
> jenkins:docker (user jenkings group docker).
>
> Observed: files generated within cqfd are owned by jenkins:jenkins
> instead of jenkins:docker.
>
> Correction proposal (TBC): In make_launch() bash function, useradd
> should be called with the --no-user-group (-N) option to make the
> docker user consistent with the host user (that is with the same
> primary group).
@joufellasfl
Copy link
Contributor

Thanks for the report @miellaby, a change was added to handle this case in the master branch, would you be able to test it in your environment ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@miellaby @joufellasfl