riemann
Flight Engineer
  • 665 Views

DO188, ch04s05: does OpenShift ignore the USER instruction inside the Containerfile?

Hello

The teacher explains in video ch0405 that OpenShift ignores the USER instruction inside the Containerfile.

Does OpenShift do that, or does OpenShift ignore the user mentioned in the USER instruction and replace it with a randomly generated user?

I mean, does the position of the USER instruction in the Containerfile matter? I understood that subsequent instructions are executed as the user mentioned in the USER instruction. So also the ENTRYPOINT instruction, so also the commands in the container.

So, to be certain, are the following executed as the user in the USER instruction:

1. the instructions in the image after the USER instruction,

2. the commands in the container.

?

4 Replies
Chetan_Tiwary_
Moderator
  • 619 Views

Hello @riemann!

Thanks for reaching out!

The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use as the default user and group for the remainder of the current stage. The specified user is used for RUN instructions and at runtime, runs the relevant ENTRYPOINT and CMD commands.

Refer to https://www.redhat.com/en/blog/a-guide-to-openshift-and-uids, especially the section "User ID (UID) and Containers".

 

Chetan_Tiwary_
Moderator
  • 614 Views

I think what @ricardodacosta meant here is: "By default, OpenShift Container Platform runs containers using an arbitrarily assigned user ID. This provides additional security against processes escaping the container due to a container engine vulnerability and thereby achieving escalated permissions on the host node."

 


Wasim_Raja
Moderator
  • 602 Views

Nicely explained @Chetan_Tiwary_ .

@riemann Let us know in case you have any more questions.

Chetan_Tiwary_
Moderator
  • 601 Views

Pleasure!
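
The behaviour discussed in this thread, as an added example that is not part of any reply or of the DO188 course material: a Containerfile showing where USER takes effect at build time, and how to prepare a directory so the container still works when OpenShift replaces the runtime UID with an arbitrarily assigned one. The base image, the `/opt/app` path, UID 1001 and the CMD are assumptions chosen for illustration.

```dockerfile
# Assumed base image; its default user is root.
FROM registry.access.redhat.com/ubi9/ubi-minimal

# Position matters: before any USER instruction, RUN executes as the
# base image's user (root here), so ownership can still be changed.
# The UID that OpenShift assigns is a member of the root group (GID 0),
# so group 0 is given the same permissions as the owner.
RUN mkdir -p /opt/app/data && \
    chgrp -R 0 /opt/app && \
    chmod -R g=u /opt/app

# From here to the end of this stage, RUN instructions execute as
# UID 1001 with GID 0. This build-time effect is never overridden by OpenShift.
USER 1001:0

# Executed as 1001 during the build; records the build-time identity.
RUN id > /opt/app/data/build-id.txt

# With podman run, this command runs as 1001 (the USER above).
# Under OpenShift's default policy it runs as the arbitrarily assigned UID
# instead, still in group 0, so the write to /opt/app/data succeeds only
# because of the chgrp/chmod step.
CMD ["sh", "-c", "echo build-time: $(cat /opt/app/data/build-id.txt); echo run-time: $(id); touch /opt/app/data/ok && echo data-dir-writable"]
```

Comparing the two identities printed by the container under podman and under OpenShift shows which part of the USER instruction the platform overrides: only the runtime user, not the user used for the RUN instructions that follow USER in the build.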
