From 1a49ab01cbc562e2a79aa194bd33d13ab6f5f905 Mon Sep 17 00:00:00 2001
From: Christian Kadner <ckadner@us.ibm.com>
Date: Thu, 26 Jan 2023 14:14:25 -0800
Subject: [PATCH] Fix group ownership and file permissions

OpenShift runs containers using an arbitrarily assigned user ID,
the group ID must always be set to the root group (0) so the
/data1 folder and model files that the minio server process needs
to access must have their group ownership set to the root group.
They also need to be read/writable by that group as per OpenShift
Container Platform-specific guidelines.

https://developers.redhat.com/blog/2020/10/26/adapting-docker-and-kubernetes-containers-to-run-on-red-hat-openshift-container-platform#group_ownership_and_file_permission

Resolves kserve/modelmesh-serving#215

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 549e0e1..fed3a46 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,9 @@ USER root
 
 RUN useradd -u 1000 -g 0 modelmesh
 RUN mkdir -p ${MODEL_DIR}
-RUN chown -R 1000:0 /data1
+RUN chown -R 1000:0 /data1 && \
+    chgrp -R 0 /data1 && \
+    chmod -R g=u /data1
 
 COPY --chown=1000:0 keras      ${MODEL_DIR}/keras/
 COPY --chown=1000:0 lightgbm   ${MODEL_DIR}/lightgbm/