Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Changing the user's uid in a pre-build docker container (jenkins)

I am new to docker, so if this is a fairly obvious process that I am missing, I do apologize for the dumb question up front.

I am setting up a continuous integration server using the jenkins docker image. I did a docker pull jenkins, and created a user jenkins to allow me to mount the /var/jenkins_home in the container to my host's /var/jenkins_home (also owned by jenkins:jenkins user).

the problem is that the container seems to define the jenkins user with uid 102, but my host has the jenkins user as 1002, so when I run it I get:

docker run --name jenkins -u jenkins -p 8080 -v /var/jenkins_home:/var/jenkins_home jenkins
/usr/local/bin/jenkins.sh: line 25: /var/jenkins_home/copy_reference_file.log: Permission denied

I would simply make the uid for the host's jenkins user be 102 in /etc/passwd, but that uid is already taken by sshd. I think the solution is to change the container to use uid 1002 instead, but I am not sure how.

Edit

Actually, user 102 on the host is messagebus, not sshd.

like image 589
CodeChimp Avatar asked Aug 24 '15 14:08

CodeChimp


People also ask

How do I add Docker Hub credentials in Jenkins?

In Jenkins you have to add a new credential with your Docker Hub account details. Go to Credentials → Global → Add credentials and fill out the form with your username and password. Create your Jenkins pipeline.

What is Userns remap?

docker's userns-remap feature allows us to use a default dockremap user. In this scenario, docker engine creates the user dockremap on the host and maps the root user inside a container to this user. For this user, docker also needs to have entries on the host's /etc/subuid and /etc/subgid files.

What is ARG command in Dockerfile?

The ARG directive in Dockerfile defines the parameter name and defines its default value. This default value can be overridden by the --build-arg <parameter name>=<value> in the build command docker build .


1 Answers

You can simply change the UID in /etc/passwd, assuming that no other user has UID 1002.

You will then need to change the ownership of /var/jenkins_home on your host to UID 1002:

chown -R jenkins /var/jenkins_home

In fact, you don't even need a jenkins user on the host to do this; you can simply run:

chown -R 1002 /var/jenkins_home

This will work even if there is no user with UID 1002 available locally.

Another solution is to build your own docker image, based on the Jenkins image, that has an ENTRYPOINT script that looks something like:

#!/bin/sh
chown -R jenkins /var/jenkins_home 
exec "$@"

This will (recursively) chown /var/jenkins_home inside the container to whatever UID is used by the jenkins user (this assumes that your Docker contains is starting as root, which is true unless there was a USER directive in the history of the image).

Update

You can create a new image, based on (FROM ...) the jenkins image, with a Dockerfile that performs the necessary edits to the /etc/passwd file. But that seems a lot of work for not much gain. It's not clear why you're creating jenkins user on the host or if you actually need access to the jenkins home directory on the host.

If all you're doing is providing data persistence, consider using a data volume container and --volumes-from rather than a host volume, because this will isolate the data volume from your host so that UID conflicts don't cause confusion.

like image 142
larsks Avatar answered Oct 24 '22 07:10

larsks