Skip to content

Commit

Permalink
Backport #19096 to 21.1: Docker: fix uid/gid of the clickhouse user
Browse files Browse the repository at this point in the history
  • Loading branch information
robot-clickhouse committed Jan 15, 2021
1 parent 584747e commit 811ac80
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 4 deletions.
12 changes: 11 additions & 1 deletion docker/server/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,17 @@ ARG repository="deb https://repo.clickhouse.tech/deb/stable/ main/"
ARG version=21.1.2.*
ARG gosu_ver=1.10

RUN apt-get update \
# user/group precreated explicitly with fixed uid/gid on purpose.
# It is especially important for rootless containers: in that case entrypoint
# can't do chown and owners of mounted volumes should be configured externally.
# We do that in advance at the begining of Dockerfile before any packages will be
# installed to prevent picking those uid / gid by some unrelated software.
# The same uid / gid (101) is used both for alpine and ubuntu.
# Number 101 is used by default in openshift

RUN groupadd -r clickhouse --gid=101 \
&& useradd -r -g clickhouse --uid=101 --home-dir=/var/lib/clickhouse --shell=/bin/bash clickhouse \
&& apt-get update \
&& apt-get install --yes --no-install-recommends \
apt-transport-https \
ca-certificates \
Expand Down
13 changes: 10 additions & 3 deletions docker/server/Dockerfile.alpine
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,16 @@ ENV LANG=en_US.UTF-8 \

COPY alpine-root/ /

# from https://github.com/ClickHouse/ClickHouse/blob/master/debian/clickhouse-server.postinst
RUN addgroup clickhouse \
&& adduser -S -H -h /nonexistent -s /bin/false -G clickhouse -g "ClickHouse server" clickhouse \
# user/group precreated explicitly with fixed uid/gid on purpose.
# It is especially important for rootless containers: in that case entrypoint
# can't do chown and owners of mounted volumes should be configured externally.
# We do that in advance at the begining of Dockerfile before any packages will be
# installed to prevent picking those uid / gid by some unrelated software.
# The same uid / gid (101) is used both for alpine and ubuntu.
# Number 101 is used by default in openshift

RUN addgroup -S -g 101 clickhouse \
&& adduser -S -h /var/lib/clickhouse -s /bin/bash -G clickhouse -g "ClickHouse server" -u 101 clickhouse \
&& chown clickhouse:clickhouse /var/lib/clickhouse \
&& chmod 700 /var/lib/clickhouse \
&& chown root:clickhouse /var/log/clickhouse-server \
Expand Down

0 comments on commit 811ac80

Please sign in to comment.