I have a docker container run with a non root user for better security, but it seems it can't access the secrets I'm sharing with it:
Importing account from "/run/secrets/authority.priv.json" failed: Permission denied (os error 13)
I tried different solutions in my docker compose: 1. Setting the uid and gid to 1000 (uid/gid if the user inside the container) 2. Settting the mode to 0444 and even 0777
But none of these have worked, only using root allows me to use these secrets.
Any idea?
Bonus question: will it be the same issue within kubernetes?
The dockerfile:
FROM parity/parity:v2.2.1
LABEL maintainer="[email protected]"
# SAD but It seems impossible to read the secrets otherwise
USER root
VOLUME ["/home/parity/.local/share/io.parity.ethereum"]
ADD ./configPoANode.toml /home/parity/configPoANode.toml
ADD ./PoA.json /home/parity/PoA.json
ADD ./entrypoint.sh /home/parity/entrypoint.sh
ENTRYPOINT ["/home/parity/entrypoint.sh"]
appendix: repository (with user ROOT in the dockerfile):
This is because you are setting root user in the docker container and root owns all the monted volumes and files, not the parity user which I am not sure even exists.
I would dothe following:
Remove
USER root
from the dockerfile. It is root by default.Check if
parity
user even exists in the container.If not create it with the
/home/parity
directory.Mount the volume and files as you did.
RUN chown -R parity:parity /home/parity
gives the ownership of the newly created user.Then tell the container to use the newly created user by default with
USER parity
Add the entrypoint you might need to
RUN chmod ug+x /home/parity/entrypoint.sh
Which makes it executable for sure.You are good to go (hopefully), you don't need to set any user when running the container, with the line
USER parity
it will use theparity
user by default.