Nishant

Reputation: 21934

How to execute something as a root user (initially) for an otherwise non-root user container?

I want to sync the host machine's user/group with the docker machine to enable (developers) to edit the files inside or outside the container. There are some ideas like this: Handling Permissions with Docker Volumes which creates a new user.

I would like to try a similar approach, but instead of creating a new user, I would like to modify the existing user using usermod:

usermod -d /${tmp} docker # avoid `usermod` from modifying permissions automatically.
usermod -u "${HOST_USER_ID}" docker
groupmod -g "${HOST_GROUP_ID}" docker
usermod -d ${HOME} docker

This idea seems to work, but when the container is run as docker user (which is what I want), usermod complains that "this user has a process running and so it can't change the user id".

If I add sudo, it will change the user id, but it will break on the next sudo with the following exception: "sudo: unknown uid 1000: who are you?", as a consequence of side-stepping the above problem.

sudo usermod -d /${tmp} docker
sudo usermod -u "${HOST_USER_ID}" docker
sudo groupmod -g "${HOST_GROUP_ID}" docker # `sudo: unknown uid 1000: who are you?`
sudo usermod -d ${HOME} docker # `sudo: unknown uid 1000: who are you?`

Is it possible to run something as root when the container is started, along with a bootstrap script as a normal user? It seems like the Dockerfile's CMD doesn't execute two commands; nor can I club multiple commands into one script, since I need to run as two users - or can I? I know I can create a different image, but I'm wondering if there are cleaner alternatives.

Upvotes: 1

Views: 1290

Answers (1)

larsks

Reputation: 312500

You can start your container as root, allow the ENTRYPOINT script to perform any changes you want, and then switch to an unprivileged user when you execute the container CMD. E.g., use an ENTRYPOINT script something like this:

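#!/bin/sh

# Runs as root: remap the docker user and group to the host's IDs.
usermod -d /${tmp} docker
usermod -u "${HOST_USER_ID}" docker
groupmod -g "${HOST_GROUP_ID}" docker

# Drop to the unprivileged user and replace this shell with the container CMD.
exec runuser -u docker -- "$@"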

If you don't have the runuser command, you can get similar behavior using su.

Upvotes: 2
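
A fuller version of the entrypoint approach from the answer above, as an added example that is not part of the original answer: it validates the host IDs before the root phase edits the account database, fails closed on bad input, and restores the home directory afterwards. `DRY_RUN`, `/nonexistent` and `/home/docker` are assumptions of this example; the user and group name `docker` and the `HOST_USER_ID`/`HOST_GROUP_ID` variables come from the page.

```shell
#!/bin/sh
# Added example: root-phase ENTRYPOINT that validates IDs, remaps the user,
# then drops privileges before running CMD.
set -eu

TARGET_USER=docker   # user and group name taken from the page

# Accept only a plain decimal ID: non-empty, digits only, no leading zero.
# Rejecting a leading zero also rejects 0, so the user is never remapped to root.
valid_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 10 ]
}

# Run a command, or only print it when DRY_RUN=1 (assumed helper switch that
# lets the plan be inspected without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Remap the user to the host UID/GID. Home is pointed at a placeholder first so
# usermod -u does not re-own files under the real home, then set back.
remap_user() {
    uid=$1 gid=$2 home=$3
    valid_id "$uid" || { echo "entrypoint: bad HOST_USER_ID" >&2; return 1; }
    valid_id "$gid" || { echo "entrypoint: bad HOST_GROUP_ID" >&2; return 1; }
    run usermod -d /nonexistent "$TARGET_USER"
    run usermod -u "$uid" "$TARGET_USER"
    run groupmod -g "$gid" "$TARGET_USER"
    run usermod -d "$home" "$TARGET_USER"
}

main() {
    if [ "$(id -u)" -eq 0 ]; then
        # Home path is an assumption; $HOME here would be root's home.
        remap_user "${HOST_USER_ID:-}" "${HOST_GROUP_ID:-}" "/home/$TARGET_USER"
        exec runuser -u "$TARGET_USER" -- "$@"
    fi
    exec "$@"   # already unprivileged: nothing to change, just run CMD
}

# Docker passes CMD as arguments; with none there is nothing to run.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Because of `set -e`, a rejected ID or a failing `usermod`/`groupmod` stops the script before `exec`, so CMD never starts while the process is still root.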
