From 7e76c45264a2730fdbe15d4cf460c04bfc3e00d5 Mon Sep 17 00:00:00 2001
From: Lishen Yao
Date: Fri, 8 Dec 2023 12:38:00 +0800
Subject: [PATCH] [improve][sec] Revert "Add group pulsar and add user pulsar to it instead of root" (#21691)

Reverts #21084. Because the change breaks OpenShift support.
---
 docker/pulsar/Dockerfile | 9 ++-------
 tests/docker-images/java-test-image/Dockerfile | 6 +++---
 tests/docker-images/latest-version-image/Dockerfile | 4 ++++
 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile
index 77b4b380ed187..2bd6d402f7694 100644
--- a/docker/pulsar/Dockerfile
+++ b/docker/pulsar/Dockerfile
@@ -95,12 +95,7 @@ RUN mkdir /pulsar && chmod g+w /pulsar
 ENV PULSAR_ROOT_LOGGER=INFO,CONSOLE
-RUN groupadd -g 10000 pulsar && \
- useradd -r -u 10000 -g pulsar pulsar
-
-COPY --from=pulsar --chown=10000:10000 /pulsar /pulsar
-RUN chown pulsar:pulsar /pulsar
-
+COPY --from=pulsar /pulsar /pulsar
 WORKDIR /pulsar
 ARG PULSAR_CLIENT_PYTHON_VERSION
@@ -111,4 +106,4 @@ RUN chmod +x /pulsar/bin/install-pulsar-client.sh
 RUN /pulsar/bin/install-pulsar-client.sh
 # The UID must be non-zero. Otherwise, it is arbitrary. No logic should rely on its specific value.
-USER 10000:10000
+USER 10000
diff --git a/tests/docker-images/java-test-image/Dockerfile b/tests/docker-images/java-test-image/Dockerfile
index c17b5a90d09c9..6a9c7d10331be 100644
--- a/tests/docker-images/java-test-image/Dockerfile
+++ b/tests/docker-images/java-test-image/Dockerfile
@@ -19,8 +19,8 @@
 FROM ubuntu:22.04
-RUN groupadd -g 10000 pulsar && \
- useradd -r -u 10000 -g pulsar pulsar
+RUN groupadd -g 10001 pulsar
+RUN adduser -u 10000 --gid 10001 --disabled-login --disabled-password --gecos '' pulsar
 ARG PULSAR_TARBALL=target/pulsar-server-distribution-bin.tar.gz
 ADD ${PULSAR_TARBALL} /
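Review bot: In docker/pulsar/Dockerfile (hunk at -95) the plain `COPY --from=pulsar /pulsar /pulsar` keeps whatever ownership and mode bits the files had in the `pulsar` build stage, so what UID 10000 may write is decided in a stage outside this hunk. If that stage makes the whole tree group-writable, the runtime process could also modify its own scripts under `/pulsar/bin`, which would let a compromised process persist changes. Please confirm that group write is limited to the directories that are written at runtime. A comment above the COPY would record the intent, e.g. `# No --chown: ownership and group-write bits come from the build stage so the image runs under an arbitrary UID in group 0 (OpenShift)`.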
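Review bot: In docker/pulsar/Dockerfile (hunk at -111) `USER 10000` names no group, and as far as this diff shows UID 10000 no longer has a passwd entry, so Docker starts the process with GID 0 (the root group). That matches the arbitrary-UID model named in the commit message, but the comment above the line only discusses the UID. Extend it so the group is not "fixed" again later, e.g. `# No group is set on purpose: the process runs with GID 0 and relies on group permissions under /pulsar.`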
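Review bot: In tests/docker-images/java-test-image/Dockerfile (hunk at -19) the `pulsar` group gets GID 10001, yet the later hunk in this file hands /pulsar to `pulsar:0` and latest-version-image creates the same user with `--gid 0`. The two test images therefore give UID 10000 different primary groups, and group 10001 owns nothing in this diff. Unless something outside the diff needs it, a single `RUN adduser -u 10000 --gid 0 --disabled-login --disabled-password --gecos '' pulsar` would match the other image and save a layer. If 10001 is deliberate, a one-line comment saying why would help.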
@@ -76,7 +76,7 @@ COPY target/java-test-functions.jar /pulsar/examples/
 ENV PULSAR_ROOT_LOGGER=INFO,CONSOLE
-RUN chown -R pulsar:pulsar /pulsar
+RUN chown -R pulsar:0 /pulsar && chmod -R g=u /pulsar
 # cleanup
 RUN apt-get -y --purge autoremove \
diff --git a/tests/docker-images/latest-version-image/Dockerfile b/tests/docker-images/latest-version-image/Dockerfile
index 602f917700b65..99672773dcbc8 100644
--- a/tests/docker-images/latest-version-image/Dockerfile
+++ b/tests/docker-images/latest-version-image/Dockerfile
@@ -40,6 +40,10 @@ FROM apachepulsar/pulsar:latest
 # However, any processes exec'ing into the containers will run as root, by default.
 USER root
+# We need to define the user in order for supervisord to work correctly
+# We don't need a user defined in the public docker image, though.
+RUN adduser -u 10000 --gid 0 --disabled-login --disabled-password --gecos '' pulsar
+
 RUN rm -rf /var/lib/apt/lists/* && apt update
 RUN apt-get clean && apt-get update && apt-get install -y supervisor vim procps curl
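Review bot: In tests/docker-images/java-test-image/Dockerfile (hunk at -76) `chown -R pulsar:0 /pulsar && chmod -R g=u /pulsar` gives group 0 the owner's full permissions, write included, on the entire tree, and nothing on the line says why. That is acceptable for a test image, but a comment such as `# group 0 mirrors the owner's permissions so the image also runs under an arbitrary UID with GID 0` would keep the line from being copied into a production image unexamined. The recursive chown/chmod in its own RUN also rewrites every file under /pulsar into a new layer. How /pulsar is populated lies outside this hunk, so whether the step can be folded into an earlier one needs checking.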
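Review bot: In tests/docker-images/latest-version-image/Dockerfile the added `adduser -u 10000 --gid 0 ...` hard-codes the UID that docker/pulsar/Dockerfile sets with `USER 10000`, although the comment there says no logic should rely on its specific value. If the base image's UID ever changes, the passwd entry created here would presumably no longer describe the user the image runs as. Record the coupling next to the line, e.g. `# UID must match the USER line in docker/pulsar/Dockerfile`. The two added comment lines could also name the supervisord setting that needs the user to exist.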