Support running Vespa in container as non-root

This removes the old VESPA_UNPRIVILEGED environment variable. Instead we use the old mechanisme if id of the user starting Vespa is root. If the container is started with a non-root user some sanity checking is done to either fail because wrong permissions are active, or warn the user for possibly too low limits.
author: Eirk Nygaard <eirik.nygaard@yahooinc.com> 2022-10-20 10:49:35 +0000
committer: Eirk Nygaard <eirik.nygaard@yahooinc.com> 2022-10-21 12:19:02 +0000
commit: 604af1235637971912bdc36d79decbac3bffe1bb (patch)
tree: fe087bb411b7e2d219b6cf0962ba555865c11671 /configserver
parent: d585895070d794ac4535e49b72d8d4b8a30f49ae (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver
index f223c0a8fb9..8e7a9d7839a 100755
--- a/configserver/src/main/sh/start-configserver
+++ b/configserver/src/main/sh/start-configserver
@@ -78,7 +78,7 @@ cd ${VESPA_HOME} || { echo "Cannot cd to ${VESPA_HOME}" 1>&2; exit 1; }
 
 fixfile () {
     if [ -f $1 ]; then
-        if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then
+        if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then
             chown ${VESPA_USER} $1
         fi
         chmod 644 $1
@@ -90,8 +90,8 @@ fixddir () {
        echo "Creating data directory $1"
        mkdir -p $1 || exit 1
     fi
-    if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then
-       chown ${VESPA_USER} $1
+    if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then
+        chown ${VESPA_USER} $1
     fi
     chmod 755 $1
 }
author	Eirk Nygaard <eirik.nygaard@yahooinc.com>	2022-10-20 10:49:35 +0000
committer	Eirk Nygaard <eirik.nygaard@yahooinc.com>	2022-10-21 12:19:02 +0000
commit	604af1235637971912bdc36d79decbac3bffe1bb (patch)
tree	fe087bb411b7e2d219b6cf0962ba555865c11671 /configserver
parent	d585895070d794ac4535e49b72d8d4b8a30f49ae (diff)