Create mongodb home dir in useradd command #463
Conversation
Dockerfile-linux.template
Outdated
| @@ -1,7 +1,7 @@ | |||
| FROM placeholder | |||
|
|
|||
| # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added | |||
| RUN groupadd -r mongodb && useradd -r -g mongodb mongodb | |||
| RUN groupadd -r mongodb && useradd -m -r -g mongodb mongodb | |||
There was a problem hiding this comment.
Rather than creating a home directory for a system account, we should probably just set it somewhere that mongodb can write, like /tmp.
Like this:
| RUN groupadd -r mongodb && useradd -m -r -g mongodb mongodb | |
| RUN groupadd -r mongodb && useradd --home-dir /tmp -r -g mongodb mongodb |
Or this?
(fully expand the arguments for clarity; adjust now-edited RUN line to match semicolon formatting of other lines)
| RUN groupadd -r mongodb && useradd -m -r -g mongodb mongodb | |
| RUN set -eux; \ | |
| groupadd --system mongodb; \ | |
| useradd --system --gid mongodb --home-dir /tmp mongodb |
Maybe even add --gid and --uid with explicit number 999 (the current value) like docker-library/postgres#93 to groupadd and useradd, respectively.
There was a problem hiding this comment.
Or maybe we just add ENV HOME /tmp so that any UID that the user runs as will work.
There was a problem hiding this comment.
How about a home-dir of /var/mongodb, similar to other system accounts?
> docker run mongo cut -d: -f 6,1 /etc/passwd | sort -t : -k 2
bin:/bin
proxy:/bin
sync:/bin
sys:/dev
mongodb:/home/mongodb
_apt:/nonexistent
nobody:/nonexistent
root:/root
games:/usr/games
daemon:/usr/sbin
backup:/var/backups
man:/var/cache/man
gnats:/var/lib/gnats
list:/var/list
mail:/var/mail
irc:/var/run/ircd
lp:/var/spool/lpd
news:/var/spool/news
uucp:/var/spool/uucp
www-data:/var/www
There was a problem hiding this comment.
Still need to create the home directory to address the original issue.
The mongodb user ID should not share a global HOME env var with any other accounts.
ebolingerjc
changed the title
|
Hi - this still appears to be a problem in the latest version We're using it in conjunction with MongoDB TestContainers. Will try a workaround to create the TestContainer using docker compose though this obviously isn't the cleanest workaround. Any ideas when this will be merged? |
|
As noted in #323, we're still looking for a reliable reproducer of an error:
|
|
Fixed via #541 👍 |
Updates Dockerfile with
useradd -mcommand.Fixes issue #323.
Users are annoyed when container commands try to save shell history and produce this message:
Users create brittle workarounds when the Dockerfile should just create the home directory when creating the
mongodbuser.