Reputation: 18660
Run docker as non-root in a development environment for an specific process
I am continuing on the road to learn Docker and how to deal with images and containers. I am working on an image to be used by me at work. This is the Dockerfile:
FROM ubuntu:trusty
...
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
chown www-data /usr/local/bin/composer && composer --version
RUN composer global require sebastian/phpcpd && \
composer global require phpmd/phpmd && \
composer global require squizlabs/php_codesniffer
...
It works but each time I build an image I am seeing the annoying message about composer run as root user, which is not bad at all but I would like to change this behavior just for fun :) and learning.
I would like to create and keep (for another usage, maybe for other tasks as well) a user docker-dev for running this task. This user should have a home directory and composer should install libraries globally but under this user home directory.
Right now composer gets installed under /root/.composer and every library is installed there. I would like to turn it into /home/docker-dev/.composer and then have the libraries installed there.
I have read a lot of docs about this topic:
- http://www.projectatomic.io/docs/docker-image-author-guidance/
- https://github.com/airdock-io/docker-base/wiki/How-Managing-user-in-docker-container
- http://blog.dscpl.com.au/2015/12/overriding-user-docker-containers-run-as.html
- Running app inside Docker as non-root user
- http://www.yegor256.com/2014/08/29/docker-non-root.html
- How to run Docker commands as non-root user in Docker in Docker?
..and many more, but this is a lot of information and is confusing.
Can anybody help me to make those changes for creating the user and installing composer libraries under its home directory, in my Dockerfile?
Note: I have removed the irrelevant part from the Dockerfile so the post is not too long.
Update
After the solution provided this is what I have tried without success:
# This still running as root because we need to move composer to /user/local/bin
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
chown www-data /usr/local/bin/composer && composer --version
# I am adding a docker-dev user
RUN useradd docker-dev
# Switch to RUN the next command as the recently created user
USER docker-dev
# Run the command in verbose mode (just for debug)
RUN composer global --verbose require sebastian/phpcpd && \
composer global --verbose require phpmd/phpmd && \
composer global --verbose require squizlabs/php_codesniffer
And this is the output from console:
Step 8 : RUN composer global --verbose require sebastian/phpcpd && composer global --verbose require phpmd/phpmd && composer global --verbose require pdepend/pdepend && composer global --verbose require squizlabs/php_codesniffer && composer global --verbose require phpunit/phpunit
---> Running in 0f203e1760a4
[ErrorException]
chdir(): No such file or directory (errno 2)
Exception trace:
() at phar:///usr/local/bin/composer/src/Composer/Command/GlobalCommand.php:74
Composer\Util\ErrorHandler::handle() at n/a:n/a
chdir() at phar:///usr/local/bin/composer/src/Composer/Command/GlobalCommand.php:74
Composer\Command\GlobalCommand->run() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:847
Symfony\Component\Console\Application->doRunCommand() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:192
Symfony\Component\Console\Application->doRun() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:231
Composer\Console\Application->doRun() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:123
Symfony\Component\Console\Application->run() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:104
Composer\Console\Application->run() at phar:///usr/local/bin/composer/bin/composer:43
require() at /usr/local/bin/composer:24
global <command-name> [<args>]...
I am not sure if the problem is with permissions, what do you think?
Upvotes: 3
Views: 4358
Answers (1)
Reputation: 1210
In your Dockerfile - Use a RUN command to create the user:
RUN useradd userToRunComposer
Then use the USER command in your Dockerfile, after creating it.
USER userToRunComposer
RUN curl -sS https://getcomposer.org/instal...
RUN composer global require se...
You could also take a different approach by creating the user inside the container, then committing the image:
docker exec -ti <my container name> /bin/bash
userAdd userToRunComposer
And then do a: docker commit <my container id> <myimagename> to avoid having to create the user every single time
See this question.
Upvotes: 1
Related Questions
- How to run php-fpm as root in docker
- How to run docker image as a non-root user?
- How to run docker container from non-root user?
- How to run composer as non root user on official docker php image
- Running docker containe process as non root user
- docker permission denied running from php
- Composer is running as root in docker, even though user is specified
- How to make a docker entrypoint run as non-root for some particular commands only
- Run nginx and php into containers with proper user for development
- Root user inside Composer container