From 954013a19393a1b1d83c4292b1f1d2cf8bd6d912 Mon Sep 17 00:00:00 2001 From: Jeff Dost Date: Thu, 5 Oct 2023 02:55:14 -0700 Subject: [PATCH] move condor and gfactory users out of system id range and add script to fix user id changes between images --- opensciencegrid/gwms-factory/Dockerfile | 8 ++++---- .../etc/osg/image-init.d/11_fix_uids.sh | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 opensciencegrid/gwms-factory/etc/osg/image-init.d/11_fix_uids.sh diff --git a/opensciencegrid/gwms-factory/Dockerfile b/opensciencegrid/gwms-factory/Dockerfile index 8cd34a2d..d9f738fe 100644 --- a/opensciencegrid/gwms-factory/Dockerfile +++ b/opensciencegrid/gwms-factory/Dockerfile @@ -8,10 +8,10 @@ LABEL maintainer OSG Software # Previous build args went out of scope ARG BASE_OS -# Create the frontend user with a fixed GID/UID -# This is important so that we can use the same IDs in the persistent volume used for -# the web-area -RUN groupadd -o -g 996 gfactory && useradd -o -u 996 -g 996 -s /bin/sh gfactory +# Create the condor and factory users with a fixed GID/UID +# This is important so that we can use the same IDs in persistent volumes +RUN groupadd -g 1000 condor && useradd -u 1000 -g condor -s /bin/sh condor +RUN groupadd -g 1001 gfactory && useradd -u 1001 -g gfactory -s /bin/sh gfactory RUN yum -y install \ git \ diff --git a/opensciencegrid/gwms-factory/etc/osg/image-init.d/11_fix_uids.sh b/opensciencegrid/gwms-factory/etc/osg/image-init.d/11_fix_uids.sh new file mode 100644 index 00000000..e2b7cbed --- /dev/null +++ b/opensciencegrid/gwms-factory/etc/osg/image-init.d/11_fix_uids.sh 
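Review bot: The added `useradd -u 1000 -g condor -s /bin/sh condor` line in the Dockerfile hunk gives the condor service account a login shell and a default home path under /home. The account is now created here, ahead of the `yum -y install` step, rather than presumably by the package. If nothing in the image runs commands through a shell as condor, a tighter form would be `useradd -u 1000 -g condor -d /var/lib/condor -s /sbin/nologin condor`; the home path is an assumption to confirm against what the condor package expects. The comment above the two RUN lines could also record the dependency, e.g. `# IDs are pinned at 1000/1001; image-init.d/11_fix_uids.sh re-owns volume data written under older IDs`.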
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# this script fixes UID changes across images
+
+if [ $(stat -c %U:%G /var/lib/condor/spool) != "condor:condor" ] ; then
+ chown -R condor:condor /var/lib/condor/*
+fi
+
+if [ $(stat -c %U:%G /var/lib/gwms-factory/work-dir) != "gfactory:gfactory" ] ; then
+ chown -R gfactory:gfactory /var/lib/gwms-factory/*
+fi
+
+if [ $(stat -c %U:%G /var/log/gwms-factory/server) != "gfactory:gfactory" ] ; then
+ chown -R gfactory:gfactory /var/log/gwms-factory/*
+fi
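Review bot: The three `[ $(stat ...) != "..." ]` tests leave the command substitution unquoted, so a missing path (a fresh, empty volume, for example) makes stat print nothing and `[` fail with a syntax error. The branch is then skipped with only a stray error message. Quoting the substitution and guarding on the directory makes that case explicit: `if [ -d /var/lib/condor/spool ] && [ "$(stat -c %U:%G /var/lib/condor/spool)" != "condor:condor" ]; then`, and likewise for the work-dir and server checks. This presumably runs as root at container start over persistent data, and the `/*` glob skips dotfiles and the top-level directory itself, so those keep their old owner. A short comment stating whether that is intended would help.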