So I am required to run a Service as a non root user, i.e.,
docker service create --name myservice --replicas 2 --user xyz --env....
And part of the service creation process is to add the resulting containers’ IP and given hostnames to the /etc/hosts
files of those containers, but this always fails as user xyz has no permissions to /etc/hosts
.
Note that I need to modify the hosts file at Service create time since I don’t know which nodes the service will be created on ahead of time…
Here’s my docker file:
FROM tomcat:8-jre8
ENV CATALINA_HOME /usr/local/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
WORKDIR $CATALINA_HOME
EXPOSE 8080 8443
(...)
ADD new-user.sh /tmp/new-user.sh
# Install some basic container utilities
RUN apt-get update && apt-get install -y \
gettext-base \
sudo \
vim \
&& rm -rf /var/lib/apt/lists/*
# Create USER
RUN envsubst < /tmp/new-user.sh > ./tmp_new-user \
&& cp ./tmp_new-user /tmp/new-user.sh \
&& chmod 755 /tmp/new-user.sh \
&& /tmp/new-user.sh
RUN chown root:openam /tmp/config.sh
RUN chmod u+s /tmp/config.sh
RUN chgrp openam /etc/hosts
#RUN sudo chmod 666 /etc/hosts
# Install and configure OpenAM at runtime
ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
CMD ["/tmp/run-process.sh"]
The New User sh:
useradd -m -p ${USR_PWD} -m -s /bin/bash ${USR}
groupadd openam
usermod -a -G openam ${USR}
And the run-process.sh, where I try to update the /etc/host when the service gets created:
(...)
server_host=$(echo $SERVER_URL | awk -F/ '{print $3}' | awk -F: '{print $1}')
echo $(grep $(hostname) /etc/hosts | cut -f1) $server_host >> /etc/hosts
(...)
==> No matter what I setup in the Dockerfile, at the time the service containers are up, the /etc/hosts
file always has the default/system permissions (644)…
So any idea how to be able to update /etc/hosts at service creation time while running as a non-root user?
Many thanks for any insights !