From 887388e572377e220c8a15e29a1e346daecca13d Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 25 Aug 2020 15:05:12 -0700 Subject: [PATCH] Remove mention of APACHE_RUN_USER/APACHE_RUN_GROUP which are not a general solution --- php/content.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/php/content.md b/php/content.md index d97244e1d..31a100839 100644 --- a/php/content.md +++ b/php/content.md @@ -133,11 +133,10 @@ RUN curl -fsSL 'https://xcache.lighttpd.net/pub/Releases/3.2.0/xcache-3.2.0.tar. ## Running as an arbitrary user -For running the Apache variants as an arbitrary user, there are several choices: +For running the Apache variants as an arbitrary user, there are a couple choices: -- If your kernel [is version 4.11 or newer](https://github.com/moby/moby/issues/8460#issuecomment-312459310), you can add `--sysctl net.ipv4.ip_unprivileged_port_start=0` and then `--user` should work as it does for FPM. +- If your kernel [is version 4.11 or newer](https://github.com/moby/moby/issues/8460#issuecomment-312459310), you can add `--sysctl net.ipv4.ip_unprivileged_port_start=0` (which [will be the default in a future version of Docker](https://github.com/moby/moby/pull/41030)) and then `--user` should work as it does for FPM. - If you adjust the Apache configuration to use an "unprivileged" port (greater than 1024 by default), then `--user` should work as it does for FPM regardless of kernel version. -- Otherwise, setting `APACHE_RUN_USER` and/or `APACHE_RUN_GROUP` should have the desired effect (for example, `-e APACHE_RUN_USER=daemon` or `-e APACHE_RUN_USER=#1000` -- see [the Apache `User` directive documentation for details on the expected syntax](https://httpd.apache.org/docs/2.4/mod/mod_unixd.html#user)). For running the FPM variants as an arbitrary user, the `--user` flag to `docker run` should be used (which can accept both a username/group in the container's `/etc/passwd` file like `--user daemon` or a specific UID/GID like `--user 1000:1000`).