From 7dc31bf7fee64fcd005cffdcf1e49a157ca8ce17 Mon Sep 17 00:00:00 2001 From: Burt Holzman Date: Wed, 19 Nov 2025 17:08:44 -0600 Subject: [PATCH] Restore OKD-needed permissions for home directories The switch from the base image from bookworm to trixie changed the default umask from 022 to 077. This restores the previous behavior needed for OKD, which runs the container as an ephemeral user with GID 0. --- code_generator_TopCPToolkit/Dockerfile | 2 +- code_generator_funcadl_uproot/Dockerfile | 2 +- code_generator_funcadl_xAOD/Dockerfile | 2 +- code_generator_python/Dockerfile | 2 +- code_generator_raw_uproot/Dockerfile | 2 +- servicex_app/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/code_generator_TopCPToolkit/Dockerfile b/code_generator_TopCPToolkit/Dockerfile index ec8adf0ce..5f0ba76e7 100644 --- a/code_generator_TopCPToolkit/Dockerfile +++ b/code_generator_TopCPToolkit/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.10 -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex RUN apt-get update && apt-get install -y netcat-traditional && rm -rf /var/lib/apt/lists/* WORKDIR /home/servicex diff --git a/code_generator_funcadl_uproot/Dockerfile b/code_generator_funcadl_uproot/Dockerfile index 6c7a60ca5..0fffaec9a 100644 --- a/code_generator_funcadl_uproot/Dockerfile +++ b/code_generator_funcadl_uproot/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.10 -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex WORKDIR /home/servicex RUN mkdir ./uproot_code_generator diff --git a/code_generator_funcadl_xAOD/Dockerfile b/code_generator_funcadl_xAOD/Dockerfile index d7650d35f..543887a9a 100644 --- a/code_generator_funcadl_xAOD/Dockerfile +++ b/code_generator_funcadl_xAOD/Dockerfile @@ -5,7 +5,7 @@ ARG APP_CONFIG_FILE="app.atlas.xaod.conf" ENV POETRY_VERSION=2.1.1 RUN pip install poetry==$POETRY_VERSION -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex WORKDIR /home/servicex RUN mkdir ./xaod_code_generator diff --git a/code_generator_python/Dockerfile b/code_generator_python/Dockerfile index 1e1df9814..38dae7916 100644 --- a/code_generator_python/Dockerfile +++ b/code_generator_python/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.10 -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex WORKDIR /home/servicex RUN mkdir ./python_code_generator diff --git a/code_generator_raw_uproot/Dockerfile b/code_generator_raw_uproot/Dockerfile index 78bce9425..0eff99888 100644 --- a/code_generator_raw_uproot/Dockerfile +++ b/code_generator_raw_uproot/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.10 -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex RUN apt-get update && apt-get install -y netcat-traditional && rm -rf /var/lib/apt/lists/* WORKDIR /home/servicex diff --git a/servicex_app/Dockerfile b/servicex_app/Dockerfile index 3b618b958..cee8ef3ba 100644 --- a/servicex_app/Dockerfile +++ b/servicex_app/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.10 -RUN useradd -ms /bin/bash servicex +RUN useradd -ms /bin/bash -g 0 servicex && chmod 0750 /home/servicex WORKDIR /home/servicex RUN mkdir ./servicex