Move escape-hatch /site-config.json -> $HOME/site-config.json (!7961) · Merge requests · Administrator / sourcegraph

Administrator requested to merge sg/better-path into master Jan 23, 2020

Created by: slimsag

This changes the default location of the ephemeral site-config.json escape hatch file from /site-config.json to $HOME/site-config.json which is compatible with running our containers as a non-root user.

Fixes #7873

Before, the file location was incompatible with non-root container users:

$ docker run -it --entrypoint=sh sourcegraph/frontend:3.11.0 -c "whoami && echo 'test' > /site-config.json"
sourcegraph
sh: can't create /site-config.json: Permission denied

After, it is compatible:

$ docker run -it --entrypoint=sh sourcegraph/server:3.11.0 -c 'whoami && cd $HOME && pwd && echo "test" > ./site-config.json'
root
/root

$ docker run -it --entrypoint=sh sourcegraph/frontend:3.11.0 -c 'whoami && cd $HOME && pwd && echo "test" > ./site-config.json'
sourcegraph
/home/sourcegraph

We do not use /etc/sourcegraph/ since configuration under /etc is not usually ephemeral, and because site admins of server instances sometimes mount their own directory for SSH configuration into there, and the presence of site-config.json would mislead them (they may edit it, only to have it overwritten with the DB contents).
We do not use another location like /mnt/cache (suggested to me by someone else) because the owner would be different in Kubernetes and Server contexts, making the problem more complex.

Move escape-hatch /site-config.json -> $HOME/site-config.json

Merge request reports