Skip to content

Commit

Permalink
Adjust docs mentioning auth.d directory with drop-in files.
Browse files Browse the repository at this point in the history
Signed-off-by: Ina Panova <[email protected]>
  • Loading branch information
ipanova committed Oct 25, 2024
1 parent 0f8b382 commit 5890231
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions docs/containers-auth.json.5.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,22 +5,24 @@ containers-auth.json - syntax for the registry authentication file

# DESCRIPTION

A credentials file in JSON format used to authenticate against container image registries.
A file in JSON format controlling authentication against container image registries.
The primary (read/write) per-user file is stored at `${XDG_RUNTIME_DIR}/containers/auth.json` on Linux;
on Windows and macOS, at `$HOME/.config/containers/auth.json`.

There is also a system-global `/etc/containers/auth.json` path. When the current process is executing inside systemd as root, this path will be preferred.
There is also a system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory with drop-in per-repo files.
When the current process is executing inside systemd as root, these paths will be preferred.
Drop-ins always have higher precedence than the configuration file they refer to. Drop-ins are sorted in the lexicographic order. The drop-ins that are later in this order have higher precedence.

When running as a user and searching for the credential for a registry, the following files will be read in sequence until the valid credential is found:
first reading the primary (read/write) file, or the explicit override using an option of the calling application.
If credentials are not present there,
the search continues in `${XDG_CONFIG_HOME}/containers/auth.json` (usually `~/.config/containers/auth.json`), `$HOME/.docker/config.json`, `$HOME/.dockercfg`.

If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path will be read last.
If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory will be read last.

Except the primary (read/write) file, other files are read-only, unless the user use an option of the calling application explicitly points at it as an override.
Except for the primary (read/write) file, other files are read-only unless the user, using an option of the calling application, explicitly points at it as an override.

Note that the `/etc/containers/auth.json` file must not be readable by group or world (i.e. mode `044`), or a fatal error will occur.
Note that the `/etc/containers/auth.json` file and drop-in files from `/etc/containers/auth.d/` directory must not be readable by group or world (i.e. mode `044`), or a fatal error will occur.

## FORMAT

Expand Down

0 comments on commit 5890231

Please sign in to comment.