Fix group ownership and file permissions

OpenShift runs containers using an arbitrarily assigned user ID, the group ID must always be set to the root group (0) so the /data1 folder and model files that the minio server process needs to access must have their group ownership set to the root group. They also need to be read/writable by that group as per OpenShift Container Platform-specific guidelines. https://developers.redhat.com/blog/2020/10/26/adapting-docker-and-kubernetes-containers-to-run-on-red-hat-openshift-container-platform#group_ownership_and_file_permission Resolves kserve/modelmesh-serving#215 Signed-off-by: Christian Kadner <[email protected]>
kserve · Jan 26, 2023 · 1a49ab0 · 1a49ab0
1 parent eb75e14
commit 1a49ab0
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -23,7 +23,9 @@ USER root
 
 RUN useradd -u 1000 -g 0 modelmesh
 RUN mkdir -p ${MODEL_DIR}
-RUN chown -R 1000:0 /data1
+RUN chown -R 1000:0 /data1 && \
+    chgrp -R 0 /data1 && \
+    chmod -R g=u /data1
 
 COPY --chown=1000:0 keras      ${MODEL_DIR}/keras/
 COPY --chown=1000:0 lightgbm   ${MODEL_DIR}/lightgbm/