Update the startServer.sh copy functionality to only chmod owned files #2046
Conversation
LGTM
if [ -O "$2" ]; then | ||
chmod 770 $2 | ||
[ $? -ne 0 ] && trace SEVERE "failed chmod 770 $2" && exitOrLoop | ||
fi |
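Review bot: `$2` is quoted in the `[ -O "$2" ]` test but left unquoted in `chmod 770 $2` and in the trace message; quote it consistently (`chmod 770 "$2"`) so a path containing whitespace is handled the same way in the test and in the command. Consider also emitting a trace when the chmod is skipped because the file is not owned, so that a permission problem on a copied file (boot.properties in particular) is visible in the log rather than silent; the same applies to the matching logic in the liveness probe script mentioned below.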
What file isn't owned? Note that there is similar logic in the liveness probe script.
On OpenShift, the containers will not be run as the "oracle" user, but instead will be run as a new user (large UID), but that is part of the "root" group. In the case of the boot.properties, or any file that already exists and is being copied over, the file will still be owned by "oracle" and so the script cannot chmod the file.
Yes, I'll change the liveness probe too
It's interesting that boot.properties is created and copied over by the operator at runtime (contains the WL credentials), but it still needs an unknown check and a chmod...
It's not copied by the "operator". It's copied by the user principal inside the server instance running a script injected by the operator.
LGTM
This is part of making restrictive SCC work on OpenShift. In addition to the specific change to startServer.sh to only chmod when permitted, I noticed that many of the integration tests were initializing PVs with chown oracle:oracle rather than with oracle:root. I've updated those references too.
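The copy-then-conditional-chmod pattern the description refers to, as an added example that is not the project's startServer.sh: the destination is overwritten (group bits permitting) and its mode is tightened only when the running user owns it, with the skipped case logged instead of failing. The `trace` stand-in, the function names and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Constructed example, not the project's code. Under a restricted SCC on
# OpenShift the container runs as an arbitrary UID in group root, so a
# pre-existing destination owned by "oracle" can be overwritten through the
# group bits but cannot be chmod'ed by the running user.
trace() { echo "$1: $2" >&2; }   # stand-in for the script's trace function

# copy_and_chmod SRC DST [MODE]
# Returns 0 on success, 1 if the copy failed, 2 if a chmod we are entitled
# to perform failed. A destination we do not own keeps its existing mode.
copy_and_chmod() {
  src=$1; dst=$2; mode=${3:-770}
  cp "$src" "$dst" || { trace SEVERE "failed to copy $src to $dst"; return 1; }
  if [ -O "$dst" ]; then
    chmod "$mode" "$dst" || { trace SEVERE "failed chmod $mode $dst"; return 2; }
  else
    trace INFO "skipping chmod on $dst: not owned by uid $(id -u)"
  fi
  return 0
}

# file_mode PATH -> octal permission bits (GNU coreutils stat; assumption)
file_mode() { stat -c %a "$1"; }

# demo: copy a constructed boot.properties over an existing, loosely
# permissioned destination that we own, then confirm the mode became 770.
demo() {
  tmp=$(mktemp -d) || return 1
  printf '# constructed sample, no real credentials\n' > "$tmp/boot.properties"
  : > "$tmp/dst" && chmod 644 "$tmp/dst"
  copy_and_chmod "$tmp/boot.properties" "$tmp/dst" 770 || { rm -rf "$tmp"; return 1; }
  m=$(file_mode "$tmp/dst")
  rm -rf "$tmp"
  [ "$m" = 770 ]
}
```

Running it as a non-root user against a file owned by someone else exercises the skip branch: the copy succeeds only if the group bits allow it, and the INFO trace records that the mode was left alone.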