Tiny permission/user check change #807

Merged

myieye
Contributor

@myieye myieye commented May 16, 2024

This is a draft, because I hardly know what I'm doing here.
I'm tempted to just revert the user/group commits for the next release, because I can't figure out what's going on.

@rmunn do these changes make sense? They don't seem to be necessary, because Send/Receive doesn't result in files owned by root. Or should we be using fsGroup: 33 on the lexbox-api container as well?

@myieye myieye requested a review from rmunn May 16, 2024 13:31
Collaborator

@hahn-kev hahn-kev left a comment

I don't think this actually does anything.

The run as non root just tells k8s to throw an error if the container is running as root, it doesn't cause anything to change.

Then for the user and group at the pod level, that's just inherited by the containers, but they already have the user and group set.
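
An added example, not part of the original thread or the project's code: a small model of the two behaviours described in the review comment above, container-level `securityContext` values overriding pod-level ones and `runAsNonRoot` acting only as a start-time check. The pod spec, the container names, UID 1000 and the `image_uid` parameter are constructed assumptions.

```python
# Added example: resolve the securityContext each container actually runs with.
# POD is a constructed spec for illustration, not the project's manifest.

# Fields that exist at both pod and container level; fsGroup is pod-level only.
INHERITED = ("runAsUser", "runAsGroup", "runAsNonRoot")

POD = {
    "securityContext": {"runAsUser": 33, "runAsGroup": 33,
                        "runAsNonRoot": True, "fsGroup": 33},
    "containers": [
        # hypothetical container that already sets its own user and group
        {"name": "web", "securityContext": {"runAsUser": 1000, "runAsGroup": 1000}},
        # hypothetical container with no securityContext of its own
        {"name": "worker"},
    ],
}


def effective_contexts(pod_spec):
    """Return {container_name: merged securityContext}; container values win."""
    pod_sc = pod_spec.get("securityContext", {})
    result = {}
    for container in pod_spec.get("containers", []):
        own = container.get("securityContext", {})
        merged = {}
        for key in INHERITED:
            if key in own:
                merged[key] = own[key]      # container-level setting overrides
            elif key in pod_sc:
                merged[key] = pod_sc[key]   # otherwise inherit from the pod
        result[container["name"]] = merged
    return result


def start_outcome(ctx, image_uid):
    """Model the runAsNonRoot check: it never changes the UID, it only refuses
    to start a container whose UID would be 0. image_uid is the numeric UID the
    image runs as when runAsUser is unset (an input assumption)."""
    uid = ctx.get("runAsUser", image_uid)
    if ctx.get("runAsNonRoot") and uid == 0:
        return "rejected: container would run as root"
    return f"starts as uid {uid}"


if __name__ == "__main__":
    for name, ctx in effective_contexts(POD).items():
        print(name, ctx, "->", start_outcome(ctx, image_uid=0))
```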

@myieye myieye force-pushed the bug/770-cant-delete-projects-in-develop-due-to-permissions branch from 1c568df to 6ac0cd3 Compare May 17, 2024 09:42
Contributor Author

myieye commented May 17, 2024

I actually got permission errors and couldn't deploy when I added runAsUser and runAsGroup to the hg containers.

    - languagedepot:pod/hg-5488bcbccc-7dnrv: container hgweb terminated with exit code 1
      > [hg-5488bcbccc-7dnrv hgweb] [Fri May 17 08:29:39.545485 2024] [cgid:error] [pid 8:tid 140533309179776] (13)Permission denied: AH01243: Couldn't bind unix domain socket /usr/local/apache2/logs/cgisock.1
      > [hg-5488bcbccc-7dnrv hgweb] [Fri May 17 08:29:39.545911 2024] [core:error] [pid 1:tid 140533309179776] (13)Permission denied: AH00099: could not create /usr/local/apache2/logs/httpd.pid.BpYvPU
      > [hg-5488bcbccc-7dnrv hgweb] [Fri May 17 08:29:39.551374 2024] [core:error] [pid 1:tid 140533309179776] AH00100: httpd: could not log pid to file /usr/local/apache2/logs/httpd.pid
    - languagedepot:deployment/hg failed. Error: container hgweb terminated with exit code 1.

I reverted that change.
I know that runAsNonRoot doesn't change anything, but it doesn't hurt to add it and it gives me warm fuzzy feelings. So, I've opened the PR for that small purpose 😉

@myieye myieye marked this pull request as ready for review May 17, 2024 09:45
@myieye myieye changed the title Try to fix permission issues Tiny permission/user check change May 17, 2024
@myieye myieye merged commit ea236cd into develop May 22, 2024
3 checks passed
@myieye myieye deleted the bug/770-cant-delete-projects-in-develop-due-to-permissions branch May 22, 2024 08:21