I have a VM (RockyLinux) and I login to it with Active Directory, so this account doesn't exist in the /etc/passwd file of this VM.
When I use this AD account, the uid and gid (for ex. uid=801224105 gid=801200414) are different from those in my container (docker).
The sources are in a volume, so I have a permissions problem in my container because the container use uid and gid 1000:1000.
I know I can map a user with userns-remap, but only if the user exists in /etc/passwd.
Do you have any idea ?
Many thanks
Related
In this url https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files, it says that:
Azure file share volume mount requires the Linux container run as root .
Azure File share volume mounts are limited to CIFS support.
I have an azure container instance with postgres and postgres doesn't allow me to run the server as root.
The Azure file share owner is set to root and the user group also set to root and I will not be able to change both the permissions and the owner and the user group of the azure file share folder?
I would want to set the owner and group of the folder to postgres for example and change its permissions.
I made a file on Azure using "File Service" and then tried to mount it using "connect". It has given me the username: localhost\xyz.
Two questions:
why username starting from "localhost" and not with "Azure"?
why I am unable to mount as windows security not giving any error, instead keep on turning back to credentials page?
p.s. TCP port 445 working properly..
Here are a few workarounds that worked for us.
WAY-1
You can directly go to your PowerShell of your machine and paste the script that you have provided in your storage account
WAY-2
You can click on More options and select for different account and then use the storage account name prepended with AZURE\ as the username and a storage account key as the password.
WAY-3
You can create a file share directly by unchecking the connect using different credentials.
OUTPUT:
For all the above ways here is the screenshot of fileshares that got mounted.
REFERENCES:
Mount SMB Azure file share on Windows
I'm trying to deploy atmoz sftp images for multiple users. I am new to this technology.
Below are the points I have tried.
I took the template from GitHub and deployed it on azure and with the help of the template I'm able to create the two users(users1 and users2).
For users1 I have created the folder1 and for user2 folder2 and I'm able to see the same structure while login into sftp.
For both the folders I have created the different file share.
My requirement is now to show both the folders to both the users but with user defined permission. users1 should have write permission on folder1 and read permission on folder2 and user2 should have write permission on folder2 and only read permission on folder1.
SFTP login for first user i.e user1
Currently, the Azure Container Instance does not support to change the permission when you mount the Azure File Share. And you can see all the users home path are owned by the root user and the root group:
And when you execute the command mount inside the container instance, you can see it like this:
Both file_mode and the dir_mode are set with the permission 0777. And there is no property to change the mount options in the ARM template. So I'm afraid you cannot achieve your purpose.
I have mounted a bucket to archive old data. My problem is, a non-root user needs access to these files from time to time. Is there any way to grant her read access to this bucket/mount. She uses Windows if that matters.
You can give her read permissions over the bucket so she can see the files using cloud console, as you are using fuse, locally All files have permission bits 0644, and all directories have permission bits 0755, you can find more information on how to change those fuse permissions here
I'm mostly new to Gitlab and the Windows command line. I set up a Gitlab runner on my windows PC and it works well. However, I want to restrict it so that it can only access the folder I set it up in, and all subfolders. What is the most reliable way to do this?
Since the GitLab runner is installed as a service, you could:
create a second Windows account
use that account to register your service
gitlab-runner install --user ENTER-YOUR-SECOND-USERNAME --password ENTER-YOUR-SECOND-PASSWORD
protect the folder (and its content) you want with the second user account.
By default, the second account would not have read/write access to at least your own C:\user\login, provided you change the File and Folder permission setting.