Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.

    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support

    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

General discussion
  1. OpenProject
  2. Forums
  3. General discussion
  4. Docker container is running as privileged user?

Docker container is running as privileged user?

Added by Bluewhale1502 . almost 6 years ago

Hi there,

we are about to migrate to the docker/kubernetes platform. Due to security reasons, we do not allow containers to run as privileged user. However using the "user: app" directive to let the container run as user app (which seems to own most of the processes) the container refuses to start with the following message:

chown: changing ownership of '/tmp/tmp.OhyH3jj8gx': Operation not permitted

I checked with starting it in privileged mode and there seems to be two such temp files.
One belongs to root:root and one to postgres:root.

It would be nice if the docker container will be assembled in that way, that it supports running in unprivileged mode.

If some one has already fixed it by deriving from that container (openproject/community:7.4.7 to 8.2.1), I would be glad to hear.

Cheers

Stefan


Loading...