Remove changing to default `www-data` user (fixes ci pipeline issues)

Emanuel Jacob requested to merge dev/nouser into main

We had some issues with permissions/ownership in the gitlab-ci pipelines that are very likely caused by the default user that has been set in all of our Dockerfiles. This MR should fix that by changing the way we handle the default user.

Issue description (one, but perhaps more in the future)

When running multiple jobs with one of our images, the permissions do not seem to be the same:

  • src folders that were cloned from the git repository are owned by root but the CI jobs run as www-data OR...
  • Job 1 creates vendor via composer install, but vendor is owned by root whereas the content of vendor is owned by www-data, therefore Job 2 runs into issues. Example: Job 1 makes a tar.gz file (not taking permissions or ownership into account) from vendor, Job 2 tries to unpack (with/without explicitly changing permissions/ownership via flags) - this will always fail when running as www-data. Example job failures: https://git.team23.de/clients/4business/4business-v2/-/jobs/885210, https://git.team23.de/team23/magento/magento2/-/jobs/928665

Unfortunately, we are also not able to change the user via su, because the root user has no password, but a password is required when using su when the current user is NOT root. This would be no problem if we could simply define the user that is used for running the jobs in the gitlab-ci pipeline. However, this is not possible right now (see GitLab issue board and documentation). sudo is not installed either, and according to @ddanier it's better not to install it for such purposes.

After discussing it further (@ddanier @bochocki @ejacob), the conclusion was that the easiest and least impactful change was to change how we handle the default user in our Dockerfiles. Here's an MR for that.

However, if you have great arguments or a specific need for why we SHOULD NOT change the user, let us know. Maybe we have to search for a different solution.

Of course we might also have to change the user in our b5 tasks in all projects that use this image. I'd offer to do the changes myself or help the team.

Edited by Emanuel Jacob
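
A pre-flight check for the ownership mismatch described above, as an added example that is not part of this merge request or the project's own code. It reports paths in a job's working tree that belong to a different uid than the one the job runs as, which is the state that makes a later unpack into `vendor` fail. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: ownership pre-flight check for a CI working tree.
# Function names are hypothetical; only POSIX find/id/wc/tr are used.

# Print every path under DIR that is not owned by the current uid.
# find's -user accepts a numeric uid, so this also works for job users
# that have no passwd entry inside the container.
foreign_owned() {
    find "$1" ! -user "$(id -u)" -print 2>/dev/null
}

# Count those paths (file names containing newlines are counted per line).
foreign_owned_count() {
    foreign_owned "$1" | wc -l | tr -d ' '
}

# Return 0 if the current user owns everything under DIR and can write to it,
# 1 on an ownership or write-permission mismatch, 2 if DIR does not exist.
check_workspace() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    n=$(foreign_owned_count "$dir")
    if [ "$n" -ne 0 ]; then
        echo "uid $(id -u): $n path(s) under $dir belong to another owner:" >&2
        # Show a few offenders so the job log points at the mismatch.
        foreign_owned "$dir" | head -n 5 >&2
        return 1
    fi
    if [ ! -w "$dir" ]; then
        echo "uid $(id -u) cannot write to $dir" >&2
        return 1
    fi
    return 0
}
```

Calling `check_workspace vendor` at the start of a job that unpacks into `vendor` makes the job fail early with the offending paths in the log.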