Reputation: 7485
Privileges in an Ubuntu Docker container after USER statement in Dockerfile
I created a Dockerfile
FROM ubuntu:latest
as the parent image.
Later the Dockerfile creates a new group and user without sudo privileges via
RUN groupadd -r myappuser -g 433
RUN useradd -u 431 -r -g myappuser -d /opt/myapp -s /bin/false -c "my app user" myappuser
Before executing the application I switch to this new
USER myappuser
Question: Does this setting make it possible to gain root privileges again once the image is build and the container is running (with e.g. docker exec -it)?
Upvotes: 4
Views: 744
Answers (1)
Reputation: 1649
If you don't want to use sudo, you could have a Dockerfile without USER (so it runs the command as root) and CMD pointing to a script that does the user switching, that way a docker exec would run as root.
Other way is to set the root password and use su.
An example of doing that is in the tutum images
https://github.com/tutumcloud/tutum-centos/blob/master/set_root_pw.sh
Upvotes: 3
Related Questions
- Running docker container with user
- Run Ubuntu Docker container as User with sudo access
- How to Create a User in a Docker Image with the Proper File Permissions
- How to create and run docker container with new user other than root?
- Add sudo permission (without password ) to user by command line
- Become root in a docker container
- Creating a user in Ubuntu that can sudo (Dockerfile)
- Adding newuser in docker container with sudo privileges
- Running docker container with my own privileges
- Non-root user in Docker