Skip to content

Running 389 directory server as a dirsrv(non-root) user #3054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Running 389 directory server as a dirsrv(non-root) user #3054

wants to merge 1 commit into from

Conversation

@rcmadhankumar
Copy link
Contributor

@rcmadhankumar rcmadhankumar commented Oct 17, 2025

No description provided.

bci-pushman pushed a commit that referenced this pull request Oct 17, 2025
Test build for #3054
e20a571
@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Created a staging project on OBS for 7: home:pushman:BCI:Staging:SLE-15-SP7:7-3054
Changes pushed to branch 7-3054 as commit 763f8c2d14ffb70c5db2357e5eac46604864600f
Build succeeded ✅

Build Results

Repository images in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-container ⛔ excluded live log

Repository images in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-container ⛔ excluded live log

Repository images in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for s390x: current state: published
Build results:

package name status build log
389-ds-container ⛔ excluded live log

Repository images in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for ppc64le: current state: published
Build results:

package name status build log
389-ds-container ⛔ excluded live log

Repository containerfile in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-container ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-container ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for s390x: current state: published
Build results:

package name status build log
389-ds-container ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:SLE-15-SP7:7-3054 for ppc64le: current state: published
Build results:

package name status build log
389-ds-container ✅ succeeded live log

Build succeeded ✅

To run BCI-tests against this PR, use the following command:

OS_VERSION=15.7 TARGET=custom BASEURL=registry.opensuse.org/home/pushman/bci/staging/sle-15-sp7/7-3054/ tox -- -n auto
The following images can be pulled from the staging project:
  • registry.opensuse.org/home/pushman/bci/staging/sle-15-sp7/7-3054/containerfile/suse/389-ds:latest

bci-pushman pushed a commit that referenced this pull request Oct 17, 2025
Test build for #3054
a9500c9
@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Created a staging project on OBS for Tumbleweed: home:pushman:BCI:Staging:Tumbleweed:Tumbleweed-3054
Changes pushed to branch Tumbleweed-3054 as commit a1fcaf4e518cdbc7eb691b8ecfe350b10b1540ef
Build succeeded ✅

Build Results

Repository images in home:pushman:BCI:Staging:Tumbleweed:Tumbleweed-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository images in home:pushman:BCI:Staging:Tumbleweed:Tumbleweed-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository containerfile in home:pushman:BCI:Staging:Tumbleweed:Tumbleweed-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:Tumbleweed:Tumbleweed-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Build succeeded ✅

To run BCI-tests against this PR, use the following command:

OS_VERSION=tumbleweed TARGET=custom BASEURL=registry.opensuse.org/home/pushman/bci/staging/tumbleweed/tumbleweed-3054/ tox -- -n auto
The following images can be pulled from the staging project:
  • registry.opensuse.org/home/pushman/bci/staging/tumbleweed/tumbleweed-3054/containerfile/opensuse/389-ds:latest

bci-pushman pushed a commit that referenced this pull request Oct 17, 2025
Test build for #3054
05e08b1
@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Created a staging project on OBS for 16.0: home:pushman:BCI:Staging:16.0:16.0-3054
Changes pushed to branch 16.0-3054 as commit 5e6be09481d866d96e09f6f11d94a9b94d591622
Build succeeded ✅

Build Results

Repository containerkiwi in home:pushman:BCI:Staging:16.0:16.0-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository containerkiwi in home:pushman:BCI:Staging:16.0:16.0-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository containerkiwi in home:pushman:BCI:Staging:16.0:16.0-3054 for s390x: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository containerkiwi in home:pushman:BCI:Staging:16.0:16.0-3054 for ppc64le: current state: published
Build results:

package name status build log
389-ds-image ⛔ excluded live log

Repository containerfile in home:pushman:BCI:Staging:16.0:16.0-3054 for x86_64: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:16.0:16.0-3054 for aarch64: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:16.0:16.0-3054 for s390x: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Repository containerfile in home:pushman:BCI:Staging:16.0:16.0-3054 for ppc64le: current state: published
Build results:

package name status build log
389-ds-image ✅ succeeded live log

Build succeeded ✅

To run BCI-tests against this PR, use the following command:

OS_VERSION=16.0 TARGET=custom BASEURL=registry.opensuse.org/home/pushman/bci/staging/16.0/16.0-3054/ tox -- -n auto
The following images can be pulled from the staging project:
  • registry.opensuse.org/home/pushman/bci/staging/16.0/16.0-3054/containerfile/suse/389-ds:3.0

@rcmadhankumar rcmadhankumar mentioned this pull request Oct 17, 2025
Open
dirkmueller
dirkmueller reviewed Oct 17, 2025
View reviewed changes
src/bci_build/package/appcontainers.py Outdated
ln -s /data/run /var/run/dirsrv
ln -s /data/run /var/run/dirsrv; \
chown -R dirsrv: /data;\
chown -R dirsrv: /run/dirsrv; \
Copy link
Member

@dirkmueller dirkmueller Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: can we just set the permissions from start by changing line 135 to install -d -m 0755 -o .. -g .. /path/to/dir

dirkmueller
dirkmueller requested changes Oct 25, 2025
View reviewed changes
src/bci_build/package/appcontainers.py
ln -s /data/ssca /etc/dirsrv/ssca; \
ln -s /data/run /var/run/dirsrv
ln -s /data/run /var/run/dirsrv; \
chown -R dirsrv: /data;\
Copy link
Member

@dirkmueller dirkmueller Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update the mkdir -p /data/config to install -d -o dirsrv -g dirsrv /data, install -d -o dirsrv -g dirsv /data/config

overall this only works for podman and cannot work for docker as the directory permissions are not preserved for volumes.

Copy link
Contributor Author

@rcmadhankumar rcmadhankumar Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed.

Copy link
Member

@alexandrevicenzi alexandrevicenzi Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can merge all mkdir commands into one install and group the chown commands.

install -d -o dirsrv -g dirsrv /data /data/config /data/ssca /data/run /var/run/dirsrv; \
ln -s /data/config /etc/dirsrv/slapd-localhost; \
ln -s /data/ssca /etc/dirsrv/ssca; \
ln -s /data/run /var/run/dirsrv; \
chown -R dirsrv:dirsrv /data /var/run/dirsrv; \
chgrp -R dirsrv /etc/dirsrv;

bci-pushman pushed a commit that referenced this pull request Nov 3, 2025
Test build for #3054
a1fcaf4
bci-pushman pushed a commit that referenced this pull request Nov 3, 2025
Test build for #3054
5e6be09
bci-pushman pushed a commit that referenced this pull request Nov 3, 2025
Test build for #3054
763f8c2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexandrevicenzi alexandrevicenzi alexandrevicenzi approved these changes

@dirkmueller dirkmueller dirkmueller requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rcmadhankumar @dirkmueller @alexandrevicenzi