I have a docker container running as a non-root user for better security, but it seems it can't access the secrets I'm sharing with it:

```
Importing account from "/run/secrets/authority.priv.json" failed: Permission denied (os error 13)
```
I tried different solutions in my docker compose:

1. Setting the uid and gid to 1000 (uid/gid of the user inside the container)
2. Setting the mode to 0444 and even 0777
But none of these have worked, only using root allows me to use these secrets.
Any idea?
Bonus question: will it be the same issue within kubernetes?
The dockerfile:

```dockerfile
FROM parity/parity:v2.2.1
LABEL maintainer="[email protected]"
# SAD but It seems impossible to read the secrets otherwise
USER root
VOLUME ["/home/parity/.local/share/io.parity.ethereum"]
ADD ./configPoANode.toml /home/parity/configPoANode.toml
ADD ./PoA.json /home/parity/PoA.json
ADD ./entrypoint.sh /home/parity/entrypoint.sh
ENTRYPOINT ["/home/parity/entrypoint.sh"]
```
appendix: repository (with user ROOT in the dockerfile):
This is because you are setting the root user in the docker container and root owns all the mounted volumes and files, not the `parity` user, which I am not sure even exists.

I would do the following:

1. Remove `USER root` from the dockerfile. It is root by default.
2. Check if the `parity` user even exists in the container. If not, create it with the `/home/parity` directory.
3. Mount the volume and files as you did.
4. `RUN chown -R parity:parity /home/parity` gives the ownership to the newly created user.
5. Then tell the container to use the newly created user by default with `USER parity`.
6. Add the entrypoint; you might need to `RUN chmod ug+x /home/parity/entrypoint.sh`, which makes it executable for sure.
7. You are good to go (hopefully). You don't need to set any user when running the container; with the line `USER parity` it will use the `parity` user by default.
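An added diagnostic, not from either post: a small POSIX shell helper to run inside the container as the service user (before and after applying the steps above) that reports the secret file's owner, group and mode as `stat -c '%u %g %a'` shows them, and says which permission class applies to the current user and whether that class carries a read bit. It assumes a GNU or busybox `stat`, and only checks the file itself, not the execute bits on the directories leading to it.

```shell
#!/bin/sh
# Added example: explain a "Permission denied" on a mounted secret file.

# can_read UID GID OWNER_UID OWNER_GID MODE_OCTAL
# Exit 0 if a process with UID:GID may read a file with that owner/group/mode.
can_read() {
    uid=$1; gid=$2; owner=$3; group=$4; mode=$5
    # root bypasses discretionary access checks entirely
    [ "$uid" -eq 0 ] && return 0
    # leading 0 makes the shell parse the stat output (e.g. 444, 0600) as octal
    bits=$((0$mode))
    # Only one class applies, checked in this order: owner, then group, then other.
    if [ "$uid" -eq "$owner" ]; then
        cls=$(( (bits >> 6) & 7 )); who=owner
    elif [ "$gid" -eq "$group" ]; then
        cls=$(( (bits >> 3) & 7 )); who=group
    else
        cls=$(( bits & 7 )); who=other
    fi
    if [ $(( cls & 4 )) -ne 0 ]; then
        echo "readable: user $uid:$gid falls in class '$who', mode $mode has its read bit"
        return 0
    fi
    echo "NOT readable: user $uid:$gid falls in class '$who', mode $mode has no read bit there"
    return 1
}

# check_secret PATH: inspect a real file as the user this shell runs as.
# Usage inside the container: check_secret /run/secrets/authority.priv.json
check_secret() {
    f=$1
    s=$(stat -c '%u %g %a' "$f") || return 2   # missing file or no search permission
    set -- $s
    echo "$f is owned by $1:$2 with mode $3; I am $(id -u):$(id -g)"
    can_read "$(id -u)" "$(id -g)" "$1" "$2" "$3"
}
```

A root-owned secret with mode 0444 is readable by any uid, so if `check_secret` reports it readable and parity still fails with error 13, the problem is elsewhere on the path or in how the file is being opened, not the bits on the file itself.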