I am trying to use the mysql-tomcat docker in a container that cant run as root.
There are clearly some issues with the permissions not running as root.
For testing purposes I have made a a few chmod -R 777 to get it to run.
XWiki starts up and the browser shows XWIki initializing at 12% and then 25% but then fails.
The pod log doesnt show much information for why it fails.Here are the last lines
2020-03-27 16:34:58,292 [XWiki initialization] INFO .HibernateDataMigrationManager - R1130040XWIKI16682 - Fix attachments content store id missed because of a bug in migration R1100000XWIKI15620
2020-03-27 16:34:58,292 [XWiki initialization] INFO .HibernateDataMigrationManager - R1138000XWIKI16709 - Remove disable property and add checked_email property in XWikiUser documents.
2020-03-27 16:34:58,293 [XWiki initialization] INFO .HibernateDataMigrationManager - Running early schema updates (using liquibase) for database [xwiki]
Is there a recommended method to run as non-root?
How can I debug this better?
So you cannot use that if you want a different setup. You’ll need to create your own Dockerfile or extend the xwiki one and give the proper permissions to the various directories.
There’s no limitation to run xwiki as non-root provide the user used to start the servlet container (e.g. tomcat) can read and write in the proper directories (e.g. the permanent directory, etc).
I notice that libreoffice that is included in the Docker file was the cause of many or the permissions errors.
To run as non-root would 3rd party apps like libreoffice have to be installed on a separate volume? I mean if XWiki extensions are added in the future to this installation would they assume root access and therefore fail?
LO is a separate process. You can start XWiki and LO under the user you wish. All that’s important is that XWiki can talk to the LO process using a socket (thanks to jodconverter).