I use solr-docker with the server in my university lab.

> Are you using numeric uid/gid in that config, or names?

Yes, I use numeric uid/gid.

> Unless I'm mistaken one of the primary benefits of using docker is that
> you can avoid having to heavily customize things in each application
> so that it can coexist with other applications.

I agree.

FYI, MySQL and PostgreSQL images support an arbitrary user other than root.

> Do you have a volume where you map some local path to /var/solr inside
> the container?  If so, you should be able to simply chown the local path
> for that volume and its contents to the uid/gid that you have
> configured, and then the permissions inside the container should also be
> updated so Solr can write to that location.

That's right. However, I cannot use the chown command because
I’m not a root user and have limited permissions
(cannot use chown or su commands) on the university lab’s server.

In my situation, Solr fails to write to volumed directories because
the directory owner is my non-root user and the writer is also a non-root
user (“solr”).
If I can replace the “solr” user with my non-root user, Solr will also run in
my situation.

Dima, thanks for the suggestion.
However, I should rewrite when the Solr "official" image updates, right?

Hisashi

On Sun, Jul 16, 2023 at 3:23, dmitri maziuk <dmitri.maz...@gmail.com> wrote:

> On 2023-07-15 11:55 AM, Shawn Heisey wrote:
> > On 7/15/23 10:30, dmitri maziuk wrote:
> >> OP needs to pull Dockerfile from upstream, change the numbers in
> >> ```
> >> ENV SOLR_USER="solr" \
> >>      SOLR_UID="8983" \
> >>      SOLR_GROUP="solr" \
> >>      SOLR_GID="8983" \
> >>      ...
> >> ```
> >
> > Thanks for that detail!  Always learning something new about Solr.
>
> Well, this is about docker, strictly speaking. When you look at
> Dockerfile, there's useradd, groupadd, and chown commands that use the
> above UID:GID, as well as "USER $SOLR_UID" at the end (that daemon runs
> as).
>
> That's pretty standard for daemons that won't run as root and/or write
> to mounted volumes that "other people" need access to. (The latter being
> the only legitimate reason to run as non-root in a container, but after
> a couple of decades of "dropping privileges" and "secure coding
> practices" and all that, most daemons refuse to run as root anymore.)
>
> Dima
>
>

-- 
//////////////////////////////////////////////////////////////////////////////
Saga University, Graduate School of Science and Engineering, 2nd-year doctoral student
Hisashi Kojima
Tel: 080-8397-5844
Mail: kakujo...@gmail.com
//////////////////////////////////////////////////////////////////////////////
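
The Dockerfile edit Dima describes, scripted so it can be re-applied whenever the upstream Dockerfile changes. This is an added example, not code from the thread or from the Solr project. The function names and the sample Dockerfile fragment are constructed, and it assumes the upstream file still carries the `SOLR_UID="..."` and `SOLR_GID="..."` lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread or the Solr project).
# Patches the SOLR_UID / SOLR_GID values in a Dockerfile read from stdin.

# Constructed sample: the ENV lines quoted in the thread plus the USER line.
sample_dockerfile() {
  cat <<'EOF'
ENV SOLR_USER="solr" \
    SOLR_UID="8983" \
    SOLR_GROUP="solr" \
    SOLR_GID="8983"
USER $SOLR_UID
EOF
}

# True only for a non-zero decimal id (assumption: the goal is a non-root user).
is_id() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# patch_ids UID GID: Dockerfile on stdin, patched Dockerfile on stdout.
patch_ids() {
  p_uid=$1
  p_gid=$2
  if ! is_id "$p_uid" || ! is_id "$p_gid"; then
    echo "uid and gid must be non-zero decimal numbers" >&2
    return 2
  fi
  p_src=$(cat)
  # Stop if a later upstream Dockerfile no longer has the expected lines,
  # instead of silently building an image that still uses the old ids.
  for p_key in SOLR_UID SOLR_GID; do
    if ! printf '%s\n' "$p_src" | grep -Eq "${p_key}=\"[0-9]+\""; then
      echo "${p_key}=\"<number>\" not found; check the Dockerfile by hand" >&2
      return 3
    fi
  done
  printf '%s\n' "$p_src" | sed -E \
    -e "s/SOLR_UID=\"[0-9]+\"/SOLR_UID=\"${p_uid}\"/" \
    -e "s/SOLR_GID=\"[0-9]+\"/SOLR_GID=\"${p_gid}\"/"
}

# Usage: sh patch_ids.sh "$(id -u)" "$(id -g)" < Dockerfile > Dockerfile.local
if [ "$#" -eq 2 ]; then
  patch_ids "$1" "$2"
fi
```

Exit status 3 means the expected ENV lines were not found, so the patched file should not be built without checking the new upstream Dockerfile.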
