[improve][sec] Add group pulsar and add user pulsar to it instead of root

[yaalsn]

Motivation

Currently, the user pulsar is in the root group, it would be better to use the non-root group to keep more safety.

Modifications

• Add group pulsar (GID 10000)
• Add user pulsar (UID 10000) to group pulsar

Verifying this change

• Make sure that the change passes the CI checks.

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

[github-actions]

The pr had no activity for 30 days, mark with Stale label.

[zymap]

Failed to build the image:

Failed to execute goal io.fabric8:docker-maven-plugin:0.43.3:build (default) on project latest-version-image: Unable to build image [apachepulsar/pulsar-test-latest-version] : "The command '/bin/sh -c adduser -u 10000 --gid 0 --disabled-login --disabled-password --gecos '' pulsar' returned a non-zero code: 1" -> [Help 1]

[codecov-commenter]

Codecov Report

Merging #21084 (e89bd3e) into master (d099ac4) will increase coverage by 31.61%.
Report is 273 commits behind head on master.
The diff coverage is n/a.

Additional details and impacted files

@@              Coverage Diff              @@
##             master   #21084       +/-   ##
=============================================
+ Coverage     36.79%   68.40%   +31.61%     
- Complexity    12223    32193    +19970     
=============================================
  Files          1698     1881      +183     
  Lines        130168   162542    +32374     
  Branches      14206    19987     +5781     
=============================================
+ Hits          47890   111193    +63303     
+ Misses        75951    42375    -33576     
- Partials       6327     8974     +2647     

Flag	Coverage Δ
inttests	26.09% <ø> (+1.96%)	⬆️
systests	?
unittests	68.61% <ø> (+36.55%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1505 files with indirect coverage changes

[lhotari]

Currently, the user pulsar is in the root group, it would be better to use the non-root group to keep more safety.

I think we need to revert and first do a PIP if we are doing this change. This change will break Openshift support. I'll provide more details as a follow-up.

[lhotari]

This PR #13376 provides more context and the reference about why root group must be used for OpenShift support:

• https://engineering.bitnami.com/articles/running-non-root-containers-on-openshift.html
• https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids

The Container user is always a member of the root group, so it can read or write files accessible by GID=0. Any command invoked by the Entrypoint will be executed with this unprivileged UID and GID pair. That means, it is an unprivileged user executing the commands and the UID that will be used during execution is not known in advance. From the technical design perspective, that means, directories and files that may be written to by processes in the Container should be owned by the root group and be read/writable by GID=0. Files to be executed should also have group execute permissions.

[michaeljmarshall]

Why did we merge this without addressing my questions on the mailing list?

https://lists.apache.org/thread/34t3npt0368hppv1gk8wc808ofl786j3

I appreciate that you brought this to the mailing list @yaalsn, but we should not have merged this when there was active opposition and open questions.

[yaalsn]

@michaeljmarshall Sorry, I should disscuss more.