Is there a way to have Flows run as a different Linux user a Prefect Community #prefect-community

Is there a way to have Flows run as a different Li...

Matt Alhonte

06/02/2022, 11:54 PM

Is there a way to have Flows run as a different Linux user (as in, not

root

Kevin Kho

06/03/2022, 12:02 AM

How would you do it without Prefect?

Matt Alhonte

06/03/2022, 12:06 AM

I guess

su <user>

? (I feel like I tried doing that with the Bash Task before and it not quite working though?)

Kevin Kho

06/03/2022, 12:07 AM

What is your agent? Maybe you can try as entrypoint? Sounds like it can’t be done though

Matt Alhonte

06/03/2022, 12:09 AM

ECSAgent

Kevin Kho

06/03/2022, 12:09 AM

Am looking here for any keyword that might help but not seeing any

👍 1

Anna Geller

06/03/2022, 12:55 AM

you could specify the USER in your Dockerfile before building and pushing your image to ECR:

Copy code

FROM prefecthq/prefect:latest
COPY requirements.txt .
RUN pip install -r requirements.txt
USER 1000:1000

🤯 1

Matt Alhonte

06/03/2022, 12:58 AM

Tried that, actually! No luck 😞

Anna Geller

06/03/2022, 1:01 AM

could you elaborate a bit more on what do you mean by no luck? can you walk us step by step on how you build the image and how you test which user runs processes in the container?

Matt Alhonte

06/03/2022, 1:07 AM

So, I tried having a line of

USER <number>

in the Dockerfile, but it still winds up creating certain files (generated by some internal code) in a way that makes them only usable by

root

Matt Alhonte

06/03/2022, 1:07 AM

also tried doing this in the

sh

for the startup of the container using that image.

Anna Geller

06/03/2022, 10:49 AM

Thanks for more details. Doing only

USER <number>

in the Dockerfile doesn't include the user group - can you try adding both user and user group? e.g. USER 1000:1000

26 Views

Open in Slack

Previous Next