Is your feature request related to a problem? Please describe
Currently, the official Docker image of OpenSearch runs OpenSearch in the container as UID=1000, which seems to be traced back to the following code blocks:
```dockerfile
RUN groupadd -g 1000 opensearch && \
    adduser -u 1000 -g 1000 -G 0 -d /usr/share/opensearch opensearch && \
    chmod 0775 /usr/share/opensearch && \
    chown -R 1000:0 /usr/share/opensearch

WORKDIR /usr/share/opensearch
COPY --from=builder --chown=1000:0 /usr/share/opensearch /usr/share/opensearch
COPY --from=builder --chown=0:0 /tini /tini
```
This may allow a user whose UID is 1000 to terminate OpenSearch in the Docker container with kill -SIGTERM <pid>
Describe the solution you'd like
Run OpenSearch in the container as root, or (in case of implications of running as root) as a system user whose UID <= 999, which is therefore not likely to be assigned to a regular user on the host in most cases
Related component
Build
Describe alternatives you've considered
No response
Additional context
No response
Code reference: OpenSearch/distribution/docker/src/docker/Dockerfile, lines 76 to 83 in e39a496
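The UID overlap raised in this issue can be checked on a given host. The following is an added example, not part of the original issue or of the OpenSearch project's code; it translates a container UID to the host UID through /proc/<pid>/uid_map and reports regular host accounts that share it. The function names are hypothetical, the passwd, login.defs and uid_map contents are constructed samples, and it assumes the usual Docker behaviour that container and host UIDs are identical unless user-namespace remapping is enabled.

```python
import re

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svc-example:x:999:999::/:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_LOGIN_DEFS = "UID_MIN 1000\nUID_MAX 60000\n"
IDENTITY_MAP = "         0          0 4294967295\n"  # uid_map with no userns remap
REMAPPED_MAP = "         0     100000      65536\n"  # constructed userns-remap mapping


def uid_range(login_defs, default=(1000, 60000)):
    """Return (UID_MIN, UID_MAX) for regular accounts from login.defs text."""
    found = dict(re.findall(r"^\s*(UID_MIN|UID_MAX)\s+(\d+)", login_defs, re.M))
    return (int(found.get("UID_MIN", default[0])),
            int(found.get("UID_MAX", default[1])))


def host_uid(container_uid, uid_map):
    """Translate a container UID to the host UID using uid_map text."""
    for line in uid_map.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, length = map(int, fields)
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None  # UID is not mapped in this namespace


def colliding_accounts(container_uid, passwd, login_defs, uid_map):
    """Names of regular host accounts sharing the container process's host UID."""
    uid = host_uid(container_uid, uid_map)
    lo, hi = uid_range(login_defs)
    names = []
    for entry in passwd.splitlines():
        parts = entry.split(":")
        if len(parts) < 3 or not parts[2].isdigit():
            continue  # skip malformed passwd lines
        if int(parts[2]) == uid and lo <= uid <= hi:
            names.append(parts[0])
    return names
```

On a real host the three text inputs would come from /etc/passwd, /etc/login.defs and /proc/<pid>/uid_map of the container's main process.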