Hi,
How do I run awx_web and awx_task containers as non-root user on docker host so that
they don’t have root privileges on docker host?
I tried to run awx_web container by passing the below user option in docker run.
–user “$(id -u):$(id -g)”
But it fails when launch_awx.sh tries to update /etc/passwd.
if [ id -u -ge 500 ]; then
echo “awx:x:id -u:id -g:,:/var/lib/awx:/bin/bash” >> /tmp/passwd
cat /tmp/passwd > /etc/passwd
rm /tmp/passwd
fi
Commenting the update of /etc/password and running launch_awx.sh fails as supervisord.log
doesn’t have write permissions on /var/lib/awx?
ls -lr /var/lib/ | grep awx
drwxrwxr-x. 1 root root 4096 Nov 20 19:28 awx
Has anyone tried to make awx containers run as non-root user? I’m thinking of playing
with below options and want to check if anyone has tried and if there are any other options
a. Removing root user in Dockerfile when building
USER root
b. Changing file permissions in the container.
c. Configure user namespaces on docker daemon, but run as root user on container.
Thanks,
Mark