correct method to create user in alpine docker container so that sudo works correctly

Question

When attempting to execute sudo in a docker container using alpine 3.8 I get the following output.

I am logged into the container using docker exec -i -t MYIMAGE /bin/bash

bash-4.4$ whoami
payara
bash-4.4$ sudo -s
bash-4.4$ whoami
payara
bash-4.4$ su root
su: incorrect password
bash-4.4$

My docker file contains the following user related commands to try and setup a user specifically for payara. I want sudo to work correctly though, if possible.

DockerFile

FROM "alpine:latest"

ENV LANG C.UTF-8
ENV http_proxy 'http://u:p@160.48.234.129:80'
ENV https_proxy 'http://u:p@160.48.234.129:80'

RUN apk add --no-cache bash gawk sed grep bc coreutils git openssh-client libarchive libarchive-tools busybox-suid sudo            

RUN addgroup -S payara && adduser -S -G payara payara
RUN echo "payara ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# CHANGE TO PAYARA USER
USER payara

... rest of setup.

Answer 1

From man sudo:

 -s, --shell
             Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry.

You have neither SHELL variable set, nor correct (interactive) default shell set in /etc/passwd for user payara. This is because you are creating a system user (-S) - this user has a default shell /bin/false (which just exits with exit code 1 - you may check with echo $? after unsuccessfull sudo -s).

You may overcome this in different ways:

a) specify the SHELL variable:

bash-4.4$ SHELL=/bin/bash sudo -s
bed662af470d:~# 

b) use su, which will use the default root's shell:

bash-4.4$ sudo su -
bed662af470d:~# 

c) just run the required privileged commands with sudo directly, without spawning an interactive shell.