Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker user daemon with id 1 causes permission issues with local #1227

Closed
DaveCLowe opened this issue Feb 13, 2020 · 1 comment
Closed

Docker user daemon with id 1 causes permission issues with local #1227

DaveCLowe opened this issue Feb 13, 2020 · 1 comment
Assignees
@To-om
Milestone
3.4.1

Comments

@DaveCLowe
Copy link

Request Type

Feature Request

Work Environment

Question Answer
OS version (server) RedHat
TheHive version / git hash 3.4.0
Package Type Docker

Problem Description

You should create a user within the docker image with a high statically defined uid/gid so we can create local users with the same IDs to grant the container user read permissions to files such as application.conf when mounted within the container at runtime.

At present, we need to create a new docker image to work around the runtime container local volume mount permission denied errors.

Steps to Reproduce

  1. Start a docker container with a local volume mount for application.conf to /etc/thehive/application.conf
  2. Start a shell within the container
  3. As the "daemon" user with uid 1, you won't be able to read the application.conf file

Possible Solutions

Option 1: Change the daemon uid from 1 to a high static number
Option 2: Create a new user instead of daemon with a high uid

Please check out the neat work in Grafana's dockerfile for suggestion:
https://github.com/grafana/grafana/blob/master/Dockerfile

Complementary information

Perhaps it's also best to build from a different base image than elasticsearch?
@DaveCLowe
Copy link
Author

Would be happy to submit a PR for a dockerfile, but that doesn't exist and is generated only on build?
#1222

Suggest moving away from that approach to this.

@To-om To-om self-assigned this Mar 31, 2020
@To-om To-om added this to the 3.4.1 milestone Mar 31, 2020
To-om added a commit that referenced this issue Apr 7, 2020
@To-om
#1227 Docker: run service with user "thehive" (uid: 1000)
03b2ce5
@To-om To-om closed this as completed Apr 7, 2020
To-om added a commit that referenced this issue Apr 9, 2020
@To-om
#1227 Reformat and add repository URL
0eb6daf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
None yet
Projects
None yet
Milestone
3.4.1
Development

No branches or pull requests
2 participants
@DaveCLowe @To-om