Hi Michael, Do we need `Support Arbitrary User IDs` in pulsar docker image to allow root group r/w `/pulsar` ?
It seems that some other opensource projects use specific uid and gid, e.g. https://github.com/docker-library/mysql/blob/master/8.0/Dockerfile.debian#L84 https://github.com/docker-library/postgres/blob/master/16/bullseye/Dockerfile#L10 Michael Marshall <mmarsh...@apache.org> 于2023年8月29日周二 21:42写道: > Hi yaasln, > > What are the security concerns related to the user being a member of > the root group? I used the root group when making the docker image run > as a non root user because that follows the OpenShift guidelines [0]. > > Thanks, > Michael > > [0] > https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines > > > On Tue, Aug 29, 2023 at 5:33 AM asn <yaa...@gmail.com> wrote: > > > > Hi dev, > > > > Currently, pulsar image uses root group default. To make the image more > > safe, we can add a group `pulsar`, and then add the default user `pulsar` > > into this group. > > > > The change is located at https://github.com/apache/pulsar/pull/21084 > > > > > > Thanks! > > > > yaalsn > -- asn
