https://prefect.io logo
Title
m

Matt Alhonte

06/02/2022, 11:54 PM
Is there a way to have Flows run as a different Linux user (as in, not
root
?)
k

Kevin Kho

06/03/2022, 12:02 AM
How would you do it without Prefect?
m

Matt Alhonte

06/03/2022, 12:06 AM
I guess
su <user>
? (I feel like I tried doing that with the Bash Task before and it not quite working though?)
k

Kevin Kho

06/03/2022, 12:07 AM
What is your agent? Maybe you can try as entrypoint? Sounds like it can’t be done though
m

Matt Alhonte

06/03/2022, 12:09 AM
ECSAgent
k

Kevin Kho

06/03/2022, 12:09 AM
Am looking here for any keyword that might help but not seeing any
πŸ‘ 1
a

Anna Geller

06/03/2022, 12:55 AM
you could specify the USER in your Dockerfile before building and pushing your image to ECR:
FROM prefecthq/prefect:latest
COPY requirements.txt .
RUN pip install -r requirements.txt
USER 1000:1000
🀯 1
m

Matt Alhonte

06/03/2022, 12:58 AM
Tried that, actually! No luck 😞
a

Anna Geller

06/03/2022, 1:01 AM
could you elaborate a bit more on what do you mean by no luck? can you walk us step by step on how you build the image and how you test which user runs processes in the container?
m

Matt Alhonte

06/03/2022, 1:07 AM
So, I tried having a line of
USER <number>
in the Dockerfile, but it still winds up creating certain files (generated by some internal code) in a way that makes them only usable by
root
also tried doing this in the
sh
for the startup of the container using that image.
a

Anna Geller

06/03/2022, 10:49 AM
Thanks for more details. Doing only
USER <number>
in the Dockerfile doesn't include the user group - can you try adding both user and user group? e.g. USER 1000:1000