Revert "Make envoy user part of the tty group instead of chown stderr… (

#34930) Revert "Make envoy user part of the tty group instead of chown stderr/stdout (#34830)" This reverts commit 43d6b1e. Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Jun 26, 2024 · 3aafd6d · 3aafd6d
1 parent 46f86da
commit 3aafd6d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy
@@ -17,9 +17,8 @@ FROM ${BUILD_OS}:${BUILD_TAG} AS envoy-base
 ENV DEBIAN_FRONTEND=noninteractive
 EXPOSE 10000
 CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
-# Ensure the envoy user is able to write to container logs owned by root:tty
 RUN mkdir -p /etc/envoy \
-    && useradd --system --no-create-home -d /nonexistent --groups tty --shell /usr/sbin/nologin envoy
+    && adduser --group --system envoy
 ENTRYPOINT ["/docker-entrypoint.sh"]
 # NB: Adding this here means that following steps, for example updating the system packages, are run
 #   when the version file changes. This should mean that a release version will always update.

diff --git a/ci/docker-entrypoint.sh b/ci/docker-entrypoint.sh
@@ -24,6 +24,8 @@ if [ "$ENVOY_UID" != "0" ] && [ "$USERID" = 0 ]; then
     if [ -n "$ENVOY_GID" ]; then
         groupmod -g "$ENVOY_GID" envoy
     fi
+    # Ensure the envoy user is able to write to container logs
+    chown envoy:envoy /dev/stdout /dev/stderr
     exec su-exec envoy "${@}"
 else
     exec "${@}"