On 2023-07-15 11:55 AM, Shawn Heisey wrote:
On 7/15/23 10:30, dmitri maziuk wrote:
OP needs to pull Dockerfile from upstream, change the numbers in
```
ENV SOLR_USER="solr" \
SOLR_UID="8983" \
SOLR_GROUP="solr" \
SOLR_GID="8983" \
...
```
Thanks for that detail! Always learning something new about Solr.
Well, this is about docker, strictly speaking. When you look at
Dockerfile, there's useradd, groupadd, and chown commands that use the
above IUD:GID, as well as "USER $SOLR_UID" at the end (that daemon runs as).
That's pretty standard for daemons that won't run as root and/or write
to mounted volumes that "other people" need access to. (The latter being
the only legitimate reason to run as non-root in a container, but after
a couple of decades of "dropping privileges" and "secure coding
practices" and all that, most daemons refuse to run as root anymore.)
Dima
