author | Eirk Nygaard <eirik.nygaard@yahooinc.com> | 2022-10-20 10:49:35 +0000 |
---|---|---|
committer | Eirk Nygaard <eirik.nygaard@yahooinc.com> | 2022-10-21 12:19:02 +0000 |
commit | 604af1235637971912bdc36d79decbac3bffe1bb (patch) | |
tree | fe087bb411b7e2d219b6cf0962ba555865c11671 /configserver | |
parent | d585895070d794ac4535e49b72d8d4b8a30f49ae (diff) |
Support running Vespa in container as non-root
This removes the old VESPA_UNPRIVILEGED environment variable. Instead we use
the old mechanism if the id of the user starting Vespa is root. If the container
is started with a non-root user, some sanity checking is done to either fail
because the wrong permissions are active, or warn the user about limits that
may be too low.
Diffstat (limited to 'configserver')
-rwxr-xr-x | configserver/src/main/sh/start-configserver | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver
index f223c0a8fb9..8e7a9d7839a 100755
--- a/configserver/src/main/sh/start-configserver
+++ b/configserver/src/main/sh/start-configserver
@@ -78,7 +78,7 @@ cd ${VESPA_HOME} || { echo "Cannot cd to ${VESPA_HOME}" 1>&2; exit 1; }
 fixfile () {
 if [ -f $1 ]; then
- if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then
+ if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then
 chown ${VESPA_USER} $1
 fi
 chmod 644 $1
@@ -90,8 +90,8 @@ fixddir () {
 echo "Creating data directory $1"
 mkdir -p $1 || exit 1
 fi
- if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then
- chown ${VESPA_USER} $1
+ if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then
+ chown ${VESPA_USER} $1
 fi
 chmod 755 $1
 } |
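Review bot: The `chown ${VESPA_USER} $1` guarded by the new `[ "$(id -u)" -eq 0 ]` test is unquoted and its exit status is ignored, both in this fixfile hunk and in the fixddir hunk. Because the branch now runs exactly when the script is root, a path or user name containing whitespace, a glob character or a leading `-` would be split or read as an option by a privileged command. Uid 0 also does not guarantee the call succeeds (a container may presumably run as root without the chown capability), in which case the script continues to `chmod` on a file with the wrong owner. I would write `chown -- "${VESPA_USER}" "$1" || exit 1`, matching the `mkdir -p $1 || exit 1` already in fixddir, and quote `$1` in the neighbouring `chmod` calls too. fixfile's body continues past the end of its hunk and fixddir starts before its hunk, so callers and the remaining lines are not visible here.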