Improved support for running as non-root #503
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR provides improved support for running crawler as non-root, matching the user to the uid/gid of the crawl volume.
This fixes #502 initial regression from 0.12.4, where
chmod u+x
was used instead ofchmod a+x
on the node binary files.However, that was not enough to fully support equivalent signal handling / graceful shutdown as when running with the same user. To make the running as different user path work the same way:
gosu
instead ofsu
(added in Brave 1.64.109 image)DETACHED_CHILD_PROC=1
env variable, set to 1 by default in the Dockerfile (to allow for overrides just in case)A test has been added which runs one of the tests with a non-root
test-crawls
directory to test the different user path. The test (saved-state.test.js) includes sending interrupt signals and graceful shutdown and allows testing of those features for a non-root gosu execution.Also bumping crawler version to 1.0.1