Skip to content
This repository has been archived by the owner on Jun 26, 2024. It is now read-only.

Change the uid of the unprivileged user #15

Merged
merged 1 commit into from
Nov 14, 2022
Merged

Change the uid of the unprivileged user #15

merged 1 commit into from
Nov 14, 2022

Conversation

mcdonnnj
Copy link
Member

🗣 Description

This pull request changes the default value used for the uid/gid of the unprivileged user and its group.

💭 Motivation and context

This aligns the unprivileged user with the changes made in cisagov/cyhy_amis#559 so that when this image is used in our environment the image's unprivileged user is able to access secrets that have been restricted to the cyhy user in that environment.

🧪 Testing

Automated tests pass. I verified that I could use this image in my testing environment and it was correctly able to access secrets owned by the cyhy user with permissions of 0440.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Change the default uid/gid for the unprivileged user
982d414 
This aligns us with changes made in cisagov/cyhy_amis to set up the
`cyhy` user/group with a uid of 2048. This should allow secrets that
are set to read-only for the `cyhy` user to be usable by the Docker
image's unprivileged user.
@mcdonnnj mcdonnnj added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Nov 14, 2022
@mcdonnnj mcdonnnj self-assigned this Nov 14, 2022
@mcdonnnj mcdonnnj merged commit 9efd30a into improvement/modernize_project Nov 14, 2022
@mcdonnnj mcdonnnj deleted the improvement/change_uid_and_gid branch November 14, 2022 19:00
@mcdonnnj mcdonnnj mentioned this pull request Feb 15, 2023
Merged
10 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy

Assignees

@mcdonnnj mcdonnnj

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mcdonnnj @jsf9k @dav3r