This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

CloudRun and user groups

Posted on 12-22-2024 10:44 AM
TimyShark-edu
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I am building a CloudRun for my application has the Dockerfile like this

FROM ubuntu:22.04

FROM ubuntu:22.04
RUN apt -y update && apt -y install sudo
RUN useradd -G sudo,www-data -s /bin/bash timmy
RUN passwd -d timmy
RUN cat <<EOF > test.sh
id
sudo mkdir -p /var/www/sample-site
sudo touch /var/www/sample-site/index.html
sudo chown -R root:www-data /var/www/sample-site
sudo chmod -R 770 /var/www/sample-site
ls -al /var/www
echo "Sample site" > /var/www/sample-site/index.html
cat /var/www/sample-site/index.html
EOF
RUN chmod +x test.sh
USER timmy
ENTRYPOINT [ "/bin/bash","-c","./test.sh" ]
 
The output from docker run -it test:latest 
uid=1000(timmy) gid=1000(timmy) groups=1000(timmy),27(sudo),33(www-data)
total 0
drwxr-xr-x. 3 root root 25 Dec 22 18:26 .
drwxr-xr-x. 1 root root 17 Dec 22 18:26 ..
drwxrwx---. 2 root www-data 24 Dec 22 18:26 sample-site
Sample site
us-west1-docker.pkg.dev/edudate-academy-alpha-de804/edudateacademy/test:latest
 
THE PROBLE : the output log from Cloud Run is this
DEFAULT 2024-12-22T18:26:35.057412Z uid=1000(timmy) gid=1000(timmy) groups=1000(timmy)
DEFAULT 2024-12-22T18:26:35.261301Z total 0
DEFAULT 2024-12-22T18:26:35.261312Z drwxr-xr-x 3 root root 60 Dec 22 18:26 .
DEFAULT 2024-12-22T18:26:35.261316Z drwxr-xr-x 1 root root 60 Dec 22 18:26 ..
DEFAULT 2024-12-22T18:26:35.261320Z drwxrwx--- 2 root www-data 60 Dec 22 18:26 sample-site
DEFAULT 2024-12-22T18:26:35.261505Z ./test.sh: line 7: /var/www/sample-site/index.html: Permission denied
DEFAULT 2024-12-22T18:26:35.266643Z cat: /var/www/sample-site/index.html: Permission denied
DEFAULT 2024-12-22T18:40:01.616061Z root:x:0:
DEFAULT 2024-12-22T18:40:01.616074Z daemon:x:1:
DEFAULT 2024-12-22T18:40:01.616079Z bin:x:2:
:
DEFAULT 2024-12-22T18:40:01.616156Z sudo:x:27:timmy
DEFAULT 2024-12-22T18:40:01.616169Z www-data:x:33:timmy
DEFAULT 2024-12-22T18:40:01.616242Z timmy:x:1000:
:
 
--------------------------------------------------------
Conclusion:
1. The sudo --no-new-privileges flag is reset only when I use Cloud SQL Connection (even if I don't need it) but it seems to be the only way you can reset the flag otherwise I won't be able to use sudo
2. the id command in both runs are different, although both can sudo (meaning it recognize it is sudo group) although not showing in the id command when CloudRun executes
3. Permission denied although timmy has group www-data and it not showing it my group,
 
0 0 86
Topic Labels
0 Likes
0 REPLIES 0
Top Solution Authors
View all