https://pantsbuild.org/ logo
#development
Title
# development
a

average-vr-56795

02/24/2023, 12:31 AM
@witty-crayon-22786 I happened to notice https://github.com/pantsbuild/pants/pull/18327 (well, you happened to mention me 😄) - are you aware of docker user namespaces? I've seen this used in CI environments - tl;dr is: In your docker container, you run things as root (user 0), but you use user remapping so that the in-container root user is your out-of-container executing user - it's a really handy way of avoiding permissions errors e.g. requiring sudo to clean-up stuff that happened in the container - as long as everything in the container runs as a predictable user (doesn't have to be root, but often is), you end up with exactly-as-you-want out-of-container permissions
(I didn't dig deep into the particular issues you were running into, but wanted to mention a maybe-useful tool for helping fix them!)
h

happy-kitchen-89482

02/24/2023, 12:33 AM
This seems like exactly what we want!
w

witty-crayon-22786

02/24/2023, 1:17 AM
i was not aware! thank you 😃 the tricky bit will be the:
as long as everything in the container runs as a predictable user (doesn’t have to be root, but often is)
aspect… but i expect that all solutions to https://github.com/pantsbuild/pants/issues/18329 seem like they will involve at least a little bit of user awareness
c

careful-address-89803

02/24/2023, 5:46 AM
I wonder if you could also inspect the docker container for the effective USER at the end and use that as the target for remapping.
👍 1