Summary
#141 changed ARG OPENVOX_USER_UID / OPENVOX_USER_GID from 999 to 1001. Existing persisted data written by prior images (owned 999:999) is no longer owned by the running process, and any deployment pinning 999 breaks. This is a silent breaking change.
Affected images
Evidence
OLD: puppet:x:999:999:puppetserver daemon:/opt/puppetlabs/server/data/puppetserver:/bin/sh
NEW: puppet:x:1001:1001::/opt/puppetlabs/server/data/puppetserver:/usr/sbin/nologin
(The login shell also changed /bin/sh → /usr/sbin/nologin.)
Impact
- Persisted volumes (CA dir, SSL,
server/data/puppetserver, reports, code) written as 999:999 become inaccessible to the new process (uid 1001) on upgrade, with no automatic remediation.
- Deployments hard-coding
user: "999:999", K8s runAsUser: 999, or host ACLs for uid 999 break.
docker exec … sh / debugging as the puppet user breaks due to the nologin shell change.
Suggested fix
Either:
- Revert to UID/GID
999 to preserve compatibility; or
- Keep
1001 but treat it as a documented breaking change — release notes + an upgrade step (recursive chown of persisted dirs) and a clear statement of the new shell. If the UID is meant to be configurable, document the OPENVOX_USER_UID/GID build args and the implications of changing them.
Consider whether the shell change to nologin is intentional; if debugging access matters, retain a usable shell.
Related: #148, #149 — all stem from #141.
Summary
#141 changed
ARG OPENVOX_USER_UID/OPENVOX_USER_GIDfrom999to1001. Existing persisted data written by prior images (owned999:999) is no longer owned by the running process, and any deployment pinning999breaks. This is a silent breaking change.Affected images
ghcr.io/openvoxproject/openvoxserver:8.13.0-main@sha256:a9b17904f0f92e8bf29344c8dc12a5106da92d4962c5a03f359a2a15edb0c47b(post-feat: unionize Ubuntu Containerfile with the one for Alpine #141)…@sha256:c49843bd94e4caae5e23fcf790afb28a44629ac55f99db489df77cab7fa0b77cEvidence
(The login shell also changed
/bin/sh→/usr/sbin/nologin.)Impact
server/data/puppetserver, reports, code) written as999:999become inaccessible to the new process (uid 1001) on upgrade, with no automatic remediation.user: "999:999", K8srunAsUser: 999, or host ACLs for uid 999 break.docker exec … sh/ debugging as the puppet user breaks due to thenologinshell change.Suggested fix
Either:
999to preserve compatibility; or1001but treat it as a documented breaking change — release notes + an upgrade step (recursivechownof persisted dirs) and a clear statement of the new shell. If the UID is meant to be configurable, document theOPENVOX_USER_UID/GIDbuild args and the implications of changing them.Consider whether the shell change to
nologinis intentional; if debugging access matters, retain a usable shell.Related: #148, #149 — all stem from #141.