Unless you remove the container completely (not stop, completely remove) it
would keep indexes written inside the container, not requiring a volume.
“docker system prune” or “docker-compose down” would remove all container data
so you would lose the index.
Instead of rewriting official docker images, wouldn’t just rewriting a new
Dockerfile which inherits from the official image work?
FROM solr:9.2.1
ENV SOLR_USER="youruser" \
SOLR_UID="youruid" \
SOLR_GROUP="yourgroup" \
SOLR_GID="yourgid" \
.. etc
Build an image from that:
docker image build -t mysolr .
When running it:
docker run --user "$(id -u):$(id -g)" mysolr -p ….
Installing and running Docker as non-root user is hard enough, if you succeeded
that solr part should be easier 😊
-ufuk yilmaz
Sent from Mail for Windows
From: Hisashi Kojima
Sent: Sunday, July 16, 2023 3:11 AM
To: users@solr.apache.org
Subject: Re: Running Solr as an arbitrary user
I use solr-docker with the server in my university lab.
> Are you using numeric uid/gid in that config, or names?
Yes, I use numeric uid/gid.
> Unless I'm mistaken one of the primary benefits of using docker is that
> you can avoid having to heavily customize things in each application
> so that it can coexist with other applications.
I agree.
FYI, MySQL and PostgreSQL images support an arbitrary user other than root.
> Do you have a volume where you map some local path to /var/solr inside
> the container? If so, you should be able to simply chown the local path
> for that volume and its contents to the uid/gid that you have
> configured, and then the permissions inside the container should also be
> updated so Solr can write to that location.
That's right. However, I cannot use chown command because
I’m not a root user and have limited permission
(cannot use chown or su commands) in the university lab’s server.
In my situation, Solr fails to write to volumed directories because
the directory owner is my non-root user and the writer is also non-root
user (”solr”).
If I can replace “solr” user with my non-root user, Solr will also run in
my situation.
Dima, thanks for the suggestion.
However, I should rewrite when the Solr "official" image updates, right?
Hisashi
2023年7月16日(日) 3:23 dmitri maziuk <dmitri.maz...@gmail.com>:
> On 2023-07-15 11:55 AM, Shawn Heisey wrote:
> > On 7/15/23 10:30, dmitri maziuk wrote:
> >> OP needs to pull Dockerfile from upstream, change the numbers in
> >> ```
> >> ENV SOLR_USER="solr" \
> >> SOLR_UID="8983" \
> >> SOLR_GROUP="solr" \
> >> SOLR_GID="8983" \
> >> ...
> >> ```
> >
> > Thanks for that detail! Always learning something new about Solr.
>
> Well, this is about docker, strictly speaking. When you look at
> Dockerfile, there's useradd, groupadd, and chown commands that use the
> above IUD:GID, as well as "USER $SOLR_UID" at the end (that daemon runs
> as).
>
> That's pretty standard for daemons that won't run as root and/or write
> to mounted volumes that "other people" need access to. (The latter being
> the only legitimate reason to run as non-root in a container, but after
> a couple of decades of "dropping privileges" and "secure coding
> practices" and all that, most daemons refuse to run as root anymore.)
>
> Dima
>
>
--
//////////////////////////////////////////////////////////////////////////////
佐賀大学大学院 理工学研究科 博士後期課程2年
小嶋 恒(こじま ひさし)
Tel: 080-8397-5844
Mail: kakujo...@gmail.com <mail%3akakujo...@gmail.com>
//////////////////////////////////////////////////////////////////////////////
