Tags: openshift, openshift-origin, openshift-enterprise

OpenShift support arbitrary user ids


From reading https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-specific-guidelines, in the section Support Arbitrary User IDs, it's recommended that:

  • an image to support running an arbitrary user
  • an image make directories and files owned by the root group
  • an image to declare USER with the user id, not the username

Example:

RUN chgrp -R 0 /some/directory && \
    chmod -R g=u /some/directory
RUN chmod g=u /etc/passwd
ENTRYPOINT [ "uid_entrypoint" ]
USER 1001

I'm not clear with what all these mean.

  • Where is user 1001 defined?
  • What does g=u mean?
  • What does group 0 mean?
  • I've specified in my image the below to create a new user and group, and run processes as that user (non-root). Is this wrong? Can someone please help explain and provide examples - what is the correct way of doing it?

    RUN useradd -M nonroot \
        && groupadd nonrootgr \
        && chown -R nonroot:nonrootgr /var/lib/myapp
    
    USER nonroot
    

Solution

  • Where is user 1001 defined?

    You need to create a non-root user account with that user ID.

    See: https://github.com/sclorg/s2i-base-container/blob/master/core/Dockerfile#L71

  • What does g=u mean?

    It sets the group permissions for the directory/file to the same as what the user has.

  • What does group 0 mean?

    The root group has group ID of 0.

  • I've specified in my image the below...

    See the linked example above for how to add a non-root user.

    You must use:

    USER 1001
    

    You cannot use an account name as the value for USER; it must be an integer value.
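As an added example (not code from the question, the answer, or the sclorg image linked above), here is a minimal uid_entrypoint script that shows why the Dockerfile runs chmod g=u /etc/passwd: OpenShift starts the container with a random UID that has no /etc/passwd entry, so the entrypoint appends one (with GID 0, the root group) before handing over to the real command. The function name ensure_passwd_entry and the USER_NAME environment variable are assumptions of this example; the Dockerfile in the question would copy this script to a location on PATH as uid_entrypoint.

```shell
#!/bin/sh
# Added example uid_entrypoint (not the sclorg project's own script).
# Assumes the image has already done: chgrp 0 /etc/passwd && chmod g=u /etc/passwd,
# so that a member of group 0 (every arbitrary OpenShift UID) can append to it.

# ensure_passwd_entry PASSWD_FILE UID [NAME] [HOME]
# Appends "NAME:x:UID:0:NAME user:HOME:/sbin/nologin" to PASSWD_FILE when UID is
# absent. Prints "added" or "present" and returns 0; returns 1 if not writable.
ensure_passwd_entry() {
  passwd_file=$1
  uid=$2
  name=${3:-default}
  home=${4:-/tmp}
  # Field 3 of /etc/passwd is the numeric UID; exit 0 from awk if it is found.
  if awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' "$passwd_file"; then
    echo present
    return 0
  fi
  if [ ! -w "$passwd_file" ]; then
    echo "cannot write $passwd_file (was chmod g=u applied?)" >&2
    return 1
  fi
  # GID 0 so the new entry matches the chgrp -R 0 layout of the image's files.
  printf '%s:x:%s:0:%s user:%s:/sbin/nologin\n' "$name" "$uid" "$name" "$home" >> "$passwd_file"
  echo added
}

# Entrypoint behaviour: whoami fails when the current UID is unknown, which is
# exactly the arbitrary-UID case; then exec the container command (CMD/args).
main() {
  if ! whoami >/dev/null 2>&1; then
    ensure_passwd_entry /etc/passwd "$(id -u)" "${USER_NAME:-default}" "${HOME:-/tmp}" >/dev/null || true
  fi
  exec "$@"
}

# Only act as the entrypoint when a command was given; this lets the file be
# sourced to exercise ensure_passwd_entry on a scratch passwd file.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

The USER 1001 line in the Dockerfile still matters: OpenShift checks that USER is numeric and non-root at build time, while this script handles whatever UID is assigned at run time.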