Re: [mosquitto-dev] [2.0.17] Warnings regarding user/group and readability for custom configuration files
You might be able to do what you want with init containers, see
https://stackoverflow.com/questions/70322031/does-docker-compose-support-init-container
Kubernetes has them too.
The init container could mount the file and copy it into place and
change the permissions/ownership in advance of the mosquitto code using it.
I've got a similar issue relating to /etc/cron.d and I think I'm going
to mount the source cron file directory and then use an init container
to copy the files into place.
Hope this helps
Steve
On 8/25/2023 6:01 AM, Shan D via mosquitto-dev wrote:
Hi Roger and team,
As I went through the changelogs I saw the following:
> - Broker will log warnings if sensitive files are world readable/writable, or
>   if the owner/group is not the same as the user/group the broker is running
>   as. In future versions the broker will refuse to open these files.
I have an ACL file, Users File, and my Broker configuration that I
mount using either Docker Compose v2. Of course, I see the warning
logs for the UID/GID and file permissions in the Broker now.
My Question is what is the rationale behind this? This will only make
the deployment logic harder for users.
What this implies is that all custom files will require me to have a
user `mosquitto` (1883 ID) which I may not wish to have configured on
the operating system in the first place and vice versa where the files
generated by the docker container may be mounted on the host machine
with users which might cause mismatches as well making the directory
of the volumes requiring root access (because GID of root) which a lot
of users may not have in the first place.
I would like to know if there are ways to make the deployment via
Docker compatible post 2.0.17 release so that future compatibility is
maintained if suddenly my configuration files get rejected.
Regards,
Shan
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
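The init-container step suggested in the reply above, sketched as an added example that is not part of the original thread or the Mosquitto project's code: a script that copies mounted files into the broker's config directory, sets owner and mode, and checks each result against the two conditions quoted from the changelog. The script name, the `/staging` and `/mosquitto/config` paths and the 1883 uid/gid are assumptions to adjust for your image.

```shell
#!/bin/sh
# Added example, not Mosquitto code. Needs a stat that supports -c
# (GNU coreutils or BusyBox). Function bodies use ( ) so variables stay local.

# check_file PATH UID GID
# Succeeds only if PATH is owned by UID:GID and "other" has no read/write bit,
# i.e. neither condition from the quoted changelog entry applies.
check_file() (
    path=$1 want_uid=$2 want_gid=$3
    set -- $(stat -c '%a %u %g' "$path")
    [ "$#" -eq 3 ] || exit 1
    mode=$1 uid=$2 gid=$3 rc=0
    if [ $(( 0$mode & 6 )) -ne 0 ]; then
        echo "$path: world readable/writable (mode $mode)" >&2; rc=1
    fi
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "$path: owned by $uid:$gid, expected $want_uid:$want_gid" >&2; rc=1
    fi
    exit "$rc"
)

# stage_file SRC DST UID GID
# Copy SRC to DST so the copy is never group/world accessible, then set owner.
stage_file() (
    umask 077
    rm -f "$2" && cp "$1" "$2" && chown "$3:$4" "$2" && chmod 0600 "$2"
)

# stage_dir SRC_DIR DST_DIR UID GID
# Stage every regular file and verify the result; stop at the first failure.
stage_dir() (
    for src in "$1"/*; do
        [ -f "$src" ] || continue
        dst=$2/${src##*/}
        stage_file "$src" "$dst" "$3" "$4" || exit 1
        check_file "$dst" "$3" "$4" || exit 1
    done
)

# Init-container entry point (paths and ids are assumptions), e.g.:
#   stage.sh /staging /mosquitto/config 1883 1883
if [ "$#" -eq 4 ]; then
    stage_dir "$@"
fi
```

Because the host-side files are only read and copied, their ownership on the host does not have to match the broker's user.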