MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 13:39:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate auto detection of container user (#7930)

Browse Source 
There is no reliable way to handle fallbacks for
MinIO deployments, due to various command line
options and multiple locations which require
access inside container.

Parsing command line options is tricky to figure
out which is the backend disk etc, we did try
to fix this in implementations of check-user.go
but it wasn't complete and introduced more bugs.

This PR simplifies the entire approach to rather
than running Docker container as non-root by default
always, it allows users to opt-in. Such that they
are aware that that is what they are planning to do.

In-fact there are other ways docker containers can
be run as regular users, without modifying our
internal behavior and adding more complexities.
This commit is contained in:
Harshavardhana
2019-07-17 11:20:55 -07:00
committed by kannappanr
parent 12353caf35
commit 55dd017e62
8 changed files with 21 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/docker/README.md
View File

@@ -58,20 +58,19 @@ docker run -p 9000:9000 --name minio1 \
minio/minio server /data
```
### Run MinIO Docker as non root user
MinIO server runs as non-root within the container by default. However, this is applicable only if you're deploying new MinIO instance (not upgrading from older releases). Deployments upgrading from older MinIO deployments, will continue to run as the user previously used if any.
### Run MinIO Docker as regular user
MinIO server doesn't run as a regular user by default in docker containers. To run MinIO container as regular user use environment variables `MINIO_USERNAME` and `MINIO_GROUPNAME`.
By default `minio` is username and groupname. Use environment variables `MINIO_USERNAME` and `MINIO_GROUPNAME` to override these default values.
> NOTE: If you are upgrading from existing deployments, you need to make sure this user has write access to previous persistent volumes. MinIO will not migrate the content automatically.
#### GNU/Linux and macOS
```sh
docker run -p 9000:9000 --name minio1 \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
-e "MINIO_USERNAME=custom" \
-e "MINIO_GROUPNAME=custom" \
-e "MINIO_USERNAME=minio-user" \
-e "MINIO_GROUPNAME=minio-user" \
-v /mnt/data:/data \
-v /mnt/config:/root/.minio \
minio/minio server /data
```
@@ -80,10 +79,9 @@ docker run -p 9000:9000 --name minio1 \
docker run -p 9000:9000 --name minio1 \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
-e "MINIO_USERNAME=custom" \
-e "MINIO_GROUPNAME=custom" \
-e "MINIO_USERNAME=minio-user" \
-e "MINIO_GROUPNAME=minio-user" \
-v D:\data:/data \
-v D:\minio\config:/root/.minio \
minio/minio server /data
```