Dockerfile: create ENV variable that a USER can see?

Question

Is there a way to set an ENV variable for a custom USER in a docker file?

I am trying the following:

FROM some_repo/my_base_image
ENV FOO_VAR bar_value
USER webapp
# ... continued (not important)

But my "webapp" user can not see the "FOO_VAR" variable. HOWEVER, my root user CAN.

Any help would be appreciated.

Answer 1

Any user can see the environment variables:

$ cat Dockerfile
FROM debian

ENV foo bar
RUN groupadd -r am && useradd -r -g am am
USER am
$ docker build -t test .
...
$ docker run test bash -c 'echo $foo'
bar

So that's not what the problem is. It may be that your process forked a new environment, but I can't be sure as you haven't shared how you're checking the value.

Answer 2

If you switch user context using su within the dockerfile's ENTRYPOINT, CMD or docker exec ... using the form below you enter a new shell process for the given username that does not persist your original environment variables provided by the ENV targets through dockerfile, docker-compose yaml, or docker run -e ...

> su - username -c "run a process"

To avoid this behavior simply remove the dash - from the call like so:

> su username -c "run a process"

Your assigned docker environment variables will now persist.