Menu
Verifying that you're no longer running containers as rootDeploy your software and use “kubectl exec” to get an interactive shell session in your currently running container (or hit the “play”-like button in Lens). There, type “id” as a command. If it comes back and says that your uid and gid are 1000, you're done!
To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode). To create the docker group and add your user: Create the docker group. Add your user to the docker group.
For versions v17.09.0-ce and newer
Use the optional flag --chown=<user>:<group> with either the ADD or COPY commands.
For example
COPY --chown=<user>:<group> <hostPath> <containerPath>
The documentation for the --chown flag is now live on the main Dockerfile Reference page.
Issue 34263 has been merged and is available in release v17.09.0-ce.
For versions older than v17.09.0-ce
Docker doesn't support COPY as a user other than root. You need to chown / chmod the file after the COPY command.
Example Dockerfile:
from centos:6
RUN groupadd -r myuser && adduser -r -g myuser myuser
USER myuser
#Install code, configure application, etc...
USER root
COPY run-my-app.sh /usr/local/bin/run-my-app.sh
RUN chown myuser:myuser /usr/local/bin/run-my-app.sh && \
chmod 744 /usr/local/bin/run-my-app.sh
USER myuser
ENTRYPOINT ["/usr/local/bin/run-my-app.sh"]
Previous to v17.09.0-ce, the Dockerfile Reference for the COPY command said:
All new files and directories are created with a UID and GID of 0.
History This feature has been tracked through multiple GitHub issues: 6119, 9943, 13600, 27303, 28499, Issue 30110.
Issue 34263 is the issue that implemented the optional flag functionality and Issue 467 updated the documentation.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With