Adding support for running as :ANY: user #474
Conversation
This is useful in Kubernetes environments where the uid is provided by the platform. In environments with user namespacing even if the container thinks it is running as root it can be mapped to a non-root user in the host OS.
|
This is my first attempt at anything in nodejs. Feel free to modify this however necessary. With this patch I am able to run on shiny-server on OpenShift 4. |
|
Exactly what I need. Either this or something that doesn't require run_as (so long as there's no user-based functionality) |
|
Here's a useful page explaining how this works in OpenShift (some of which will also be true for Kubernetes too) https://www.openshift.com/blog/a-guide-to-openshift-and-uids |
|
I'm not a committer, but I would suggest 'run_as :CURRENT_USER:' might read more accurately compared to 'run_as :ANY:' There is a related issue (that is addressed in OpenShift 4, but earlier versions of OpenShift and other Kubernetes distributions may experience this) is that Shiny (or R?) objects to not having an entry for its user in /etc/passwd In OpenShift 4 (this is presumably set up by CRI-O) synthesizes a username which is the same as the UID. |
|
Also, its useful to point out that the Umask will need do be adjusted because it will need files to be be group read/write. Permissions 2770 or 2775 tend to be useful when assigning permissions. But that's not an issue for this pull-request. |
|
Thanks for the feedback, @cameronkerrnz. I would be just as happy for it to be called CURRENT_USER too. This has been sitting here for a while. If you have any ideas how we could raise awareness with the dev team I would appreciate it. |
This is useful in Kubernetes environments where the uid is provided by the
platform. In environments with user namespacing even if the container thinks
it is running as root it can be mapped to a non-root user in the host OS.