Change docker user?

cancel
Showing results for 
Search instead for 
Did you mean: 
mangar
Established Member II

Change docker user?

Jump to solution

So I am removing the volumes in the docker-compose and replacing them with local folders to preserve data.  I also have an external MySql database.  I ran into aparecntly a well known problem of permission denied for acs and ass directories.  I did the "find user id and make that uesr the owner of the local directory" trick and it's working fine.  My question is that even that it is working,  those directories now look like they are owned by people who should not.  And what's worse is that the "fake" user id that is mapped to a "real" local user,  now has access to that directory.

Is there a way to change the docker user so that I could match it to a local user that I have controll over?  How does one come over this abvious security hole in a production environment.  In production you must have the content mapped to a local directory and database for persistance, backup,  etc...  so I can't be the first to wonder htis.

1 Solution

Accepted Solutions
angelborroy
Alfresco Employee

Re: Change docker user?

Jump to solution

Then I guess you should follow specific Docker instructions in order to provide this mapping:

https://docs.docker.com/engine/security/userns-remap/

Hyland Developer Evangelist

View solution in original post

3 Replies
angelborroy
Alfresco Employee

Re: Change docker user?

Jump to solution

You can map internal Docker User Ids to your host user ids. Is that not enough?

Hyland Developer Evangelist
mangar
Established Member II

Re: Change docker user?

Jump to solution

No,  The internal Docker User has an id of 1000,  There is already a user with the id of 1000.  and the user who has the 1000 id should NOT have access to the repo.  So I need to set the docker users ID then I can make restricted user accounts locally and use that.

angelborroy
Alfresco Employee

Re: Change docker user?

Jump to solution

Then I guess you should follow specific Docker instructions in order to provide this mapping:

https://docs.docker.com/engine/security/userns-remap/

Hyland Developer Evangelist

View solution in original post