So I am removing the volumes in the docker-compose and replacing them with local folders to preserve data. I also have an external MySQL database. I ran into what is apparently a well-known problem of permission denied for the acs and ass directories. I did the "find the user id and make that user the owner of the local directory" trick and it's working fine. My question is that even though it is working, those directories now look like they are owned by people who should not own them. And what's worse is that the "fake" user id that is mapped to a "real" local user now has access to that directory.
Is there a way to change the docker user so that I could match it to a local user that I have control over? How does one overcome this obvious security hole in a production environment? In production you must have the content mapped to a local directory and database for persistence, backup, etc., so I can't be the first to wonder this.
Then I guess you should follow specific Docker instructions in order to provide this mapping:
https://docs.docker.com/engine/security/userns-remap/
You can map internal Docker User Ids to your host user ids. Is that not enough?
No. The internal Docker user has an id of 1000. There is already a user with the id of 1000, and the user who has the 1000 id should NOT have access to the repo. So I need to set the Docker user's ID; then I can make restricted user accounts locally and use that.
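Added example, not part of any post in this thread and not Alfresco or Docker code: a check of which host UID ends up owning a bind-mounted directory for container UID 1000, with and without the `userns-remap` setting from the linked Docker page, and whether that UID belongs to a real login account. The account names and subordinate UID ranges are constructed sample data, and the sketch assumes the remap user has a single range in `/etc/subuid`.

```python
# Constructed sample data in /etc/passwd and /etc/subuid format (not from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
dockremap:x:997:995::/home/dockremap:/bin/false
"""
SAMPLE_SUBUID = """\
alice:100000:65536
dockremap:165536:65536
"""

def parse_passwd(text):
    """Return {uid: login} from /etc/passwd-format text."""
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            users[int(fields[2])] = fields[0]
    return users

def first_subuid_range(text, owner):
    """Return (start, count) of the owner's first /etc/subuid entry."""
    for line in text.splitlines():
        name, start, count = line.split(":")
        if name == owner:
            return int(start), int(count)
    raise KeyError(f"no subordinate UID range for {owner}")

def host_uid(container_uid, remap_user, subuid_text):
    """Host UID that owns files written by container_uid.
    remap_user=None models a daemon without user namespace remapping."""
    if remap_user is None:
        return container_uid              # container UID is used as-is on the host
    start, count = first_subuid_range(subuid_text, remap_user)
    if container_uid >= count:
        raise ValueError("container UID is outside the subordinate range")
    return start + container_uid          # container UID 0 maps to range start

def audit(container_uid, remap_user, passwd_text, subuid_text):
    """Return (host_uid, login of a colliding host account or None)."""
    uid = host_uid(container_uid, remap_user, subuid_text)
    return uid, parse_passwd(passwd_text).get(uid)

if __name__ == "__main__":
    for remap in (None, "dockremap"):
        uid, login = audit(1000, remap, SAMPLE_PASSWD, SAMPLE_SUBUID)
        print(f"userns-remap={remap}: container UID 1000 -> host UID {uid}, "
              f"host account: {login or 'none'}")
```

With remapping enabled, the bind-mounted directory has to be owned by the mapped host UID rather than by 1000, so no login account on the host owns the content.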