feat: Use container default user instead of forcing root user#382
feat: Use container default user instead of forcing root user#382ma-04 wants to merge 2 commits intomcuadros:masterfrom
Conversation
- Change User field default from "root" to empty string in ExecJob, RunJob, and RunServiceJob - Only set User in Docker API calls when explicitly specified by user - This matches Docker's default behavior: no --user flag = container's default user - Update documentation to reflect new default behavior - Maintains backward compatibility: explicit user settings still work as before Fixes the issue where all jobs were forced to run as root even when the container had a different default user configured.
|
@taraspos, any possibility of getting this merged or some feedback? |
|
Hi @ma-04, However, I'm worried about breaking change. A lot of people are using Ofelia and might be relying on current behaviour (don't get me wrong, using As it stands, there are currently two main versions of Ofelia - If this PR is merged as is, it will become part of |
|
Apologies for the late reply. Ideally, I'd like to get this merged to latest. But I can understand the concern on this breaking workflow for users. I will be doing some tests to see how it's behaving normally vs with the proposed changes, especially in terms of permission handling to see how it's impacting certain tasks and report back. Thanks for your input again. Edit: fix typo and clarify grammar |
## Summary - Add global `default-user` setting in `[global]` section (default: `nobody`) - Allow per-job `user` override on exec/run/service jobs - Setting `default-user =` (empty) uses container's default user ## Configuration Examples ```ini # Use container's default user globally [global] default-user = # Or use a custom global default [global] default-user = appuser # Override per-job [job-exec "backup"] schedule = @daily container = myapp command = /backup.sh user = root # This job needs root ``` ## Behavior | Config | Result | |--------|--------| | No setting | Uses `nobody` (secure default) | | `default-user = root` | All jobs run as root | | `default-user =` (empty) | Uses container's default user | | Per-job `user = X` | Overrides global default | Closes #381 --- Addresses: - mcuadros#382 ## Test plan - [x] Unit tests for `DefaultUser` global config parsing - [x] Unit tests for `applyDefaultUser()` function - [x] Verify existing tests still pass - [ ] Manual testing with Docker containers
2 participants
If a docker container has an user defined but run with user ID (--user=1000:1000) instead of user name, ofelia can encounter permission related issues with filesystem related tasks.
Also fixes the issue where all jobs were forced to run as root even when the container
had a different default user configured.
Initial testing shows working as expected when a docker container was started with --user restriction.
Changes: