Support running the container under OpenShift with alternate UIDs. Fixes #7257

2025-01-23 23:13:38 -06:00 · 2022-03-21 11:19:33 +00:00 · 2022-03-21 11:19:33 +00:00 · e7dc6df723
commit e7dc6df723
parent 74e794b416
3 changed files with 18 additions and 5 deletions
--- a/13
+++ b/13
@ -188,14 +188,17 @@ RUN apk add \
        libcap && \
    /venv/bin/python3 -m pip install --no-cache-dir gunicorn && \
    find / -type d -name '__pycache__' -exec rm -rf {} + && \
-    groupadd -g 5050 pgadmin && \
-    useradd -r -u 5050 -g pgadmin pgadmin && \
+    useradd -r -u 5050 -g root -s /sbin/nologin pgadmin && \
    mkdir -p /var/lib/pgadmin && \
-    chown pgadmin:pgadmin /var/lib/pgadmin && \
+    chown pgadmin:root /var/lib/pgadmin && \
+    chmod g=u /var/lib/pgadmin && \
    touch /pgadmin4/config_distro.py && \
-    chown pgadmin:pgadmin /pgadmin4/config_distro.py && \
+    chown pgadmin:root /pgadmin4/config_distro.py && \
+    chmod g=u /pgadmin4/config_distro.py && \
+    chmod g=u /etc/passwd && \
    setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.9 && \
-    echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix
+    echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix && \
+    echo "pgadminr ALL = NOPASSWD: /usr/sbin/postfix start" >> /etc/sudoers.d/postfix

 USER pgadmin

--- a/docs/en_US/release_notes_6_8.rst
+++ b/docs/en_US/release_notes_6_8.rst
@ -21,3 +21,4 @@ Bug fixes

  | `Issue #7059 <https://redmine.postgresql.org/issues/7059>`_ -  Fixed an issue where the error is shown on logout when the authentication source is oauth2.
  | `Issue #7238 <https://redmine.postgresql.org/issues/7238>`_ -  Fixed an issue where foreign key is not removed even if the referred table is removed in ERD.
+  | `Issue #7257 <https://redmine.postgresql.org/issues/7257>`_ -  Support running the container under OpenShift with alternate UIDs.
--- a/pkg/docker/entrypoint.sh
+++ b/pkg/docker/entrypoint.sh
@ -1,5 +1,14 @@
 #!/bin/sh

+# Fixup the passwd file, in case we're on OpenShift
+if ! whoami &> /dev/null; then
+  if [ $(id -u) -ne 5050 ]; then
+    if [ -w /etc/passwd ]; then
+      echo "${USER_NAME:-pgadminr}:x:$(id -u):0:${USER_NAME:-pgadminr} user:${HOME}:/sbin/nologin" >> /etc/passwd
+    fi
+  fi
+fi
+
 # Populate config_distro.py. This has some default config, as well as anything
 # provided by the user through the PGADMIN_CONFIG_* environment variables.
 # Only update the file on first launch. The empty file is created during the