Run Octopus Linux Docker container as non-root user

Hello,
I was recently interested in your Linux Docker container Octopus image, but I encountered a problem. When I run this image as user octopus (uid: 999 and gid: 999), the logs say that the script cannot be executed - lack of privileges. In your Dockerfile, I can see that you create this user and add proper privileges to some folders, but when I log into the container I see that this folder belongs to root (like taskLogs for example). Could you help me run your image as a non-root user, to limit the privileges of the user?

I think that can happen if you are exposing restricted ports like port 80. Change the port to use port 8080.

Hi @Piotr, thanks for reaching out.

I’ve had a look at the way the image is being built, and unfortunately the volume mounting in the Dockerfile means that directories like /taskLogs can only be owned by the root user.

I’ve created an issue at https://github.com/OctopusDeploy/Issues/issues/6585 to have this limitation addressed.

The solution to this issue appears to be to change the source Dockerfile to set the correct directory permissions and fix the order of the VOLUME statements based on the feedback in this Docker issue.

However I don’t see a way to have the current Docker images run as a non-root user, as the fix will require a new image to be built. You can subscribe to the GitHub issue to be notified when a solution has been implemented, and to then gain access to the new image when it is available.

I apologize for the inconvenience, but thank you for raising the issue with us.

Matt C

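The ordering problem described in the reply above, as an added example that is not part of the original thread and is not the Octopus Deploy Dockerfile. The base image and the stage names `root-owned` and `non-root` are assumptions; the uid/gid 999, the user name and the paths come from the thread.

```dockerfile
# Constructed example, not the Octopus Deploy Dockerfile.
# Assumed: base image and stage names. From the thread: user, uid/gid, paths.
FROM debian:bookworm-slim AS base
RUN groupadd --gid 999 octopus \
 && useradd --uid 999 --gid 999 --no-create-home octopus

# Stage "root-owned": VOLUME is declared before ownership is set.
FROM base AS root-owned
VOLUME ["/taskLogs"]
# With Docker's legacy builder, build steps that change a path after its
# VOLUME declaration are discarded, so this chown never reaches the image
# and the volume is created as root:root at container start.
RUN mkdir -p /taskLogs && chown -R octopus:octopus /taskLogs
USER octopus

# Stage "non-root": ownership is set first, VOLUME is declared last.
FROM base AS non-root
RUN mkdir -p /Octopus /taskLogs \
 && chown -R octopus:octopus /Octopus /taskLogs
# A new, empty volume inherits the ownership already baked into the image.
VOLUME ["/taskLogs"]
USER octopus

# Check after building either stage with --target:
#   docker run --rm <image> stat -c '%U:%G' /taskLogs
```

Ownership baked into the image is only copied into new, empty named or anonymous volumes. A bind-mounted host directory keeps its host ownership, so it has to be owned by uid 999 on the host for the non-root user to write to it.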

@Matthew_Casperson thanks for your interest.

Now I understand. Also keep in mind that the root folder called /Octopus should also belong to user octopus.

@Matthew_Casperson Could you estimate when the fix will appear?
It would be great to see the fix as soon as possible. Meanwhile I will follow the issue.

Piotr

Hi @Piotr,

A fix is being tested now, and we expect the fix to be included in 2020.5.

Regards
Matt C
