Running docker container with user

I have created this Dockerfile to run a Python script in a Docker container. I am creating a user here and I want this user to run the container from the Docker image.

FROM ubuntu:16.04
MAINTAINER "Vijendra Kulhade" <[email protected]>
RUN yum makecache fast
RUN yum -y update
RUN yum -y install gcc
RUN yum -y install zlib-devel
RUN yum -y install openssl-devel
RUN yum -y install python-setuptools python-setuptools-devel
RUN yum -y install libyaml
RUN useradd newuser -d /home/newuser
RUN chown -R newuser.newuser /usr/bin/
RUN chown -R newuser.newuser /usr/lib64/
RUN chown -R newuser.newuser /usr/lib/
ENV https_proxy=http://proxy.xxxx.com:8080
RUN easy_install pip
RUN pip -V
RUN pip install --upgrade pip
RUN pip install --upgrade --force-reinstall setuptools

I use this command to create the image: docker build -t python-container . And I am using docker run --security-opt label=user:newuser -i -t python-container:latest /bin/bash to run a container from the image. I was expecting that this would start the container and log in to it with newuser@xxxxxxxx. But it is not happening. Please let me know how I can achieve that.

Vijendra Kumar Kulhade asked Nov 26 '25 00:11



1 Answer

There are two possibilities to run docker containers with a user different from root.


First possibility: Create user in Dockerfile

In your example Dockerfile, you create user newuser with the command useradd. You can write the instruction

USER newuser

in the Dockerfile. All following commands will be executed as user newuser. This goes for all following RUN instructions as well as for docker run commands.


Second possibility: option --user (tops possible USER instruction in image)

You can use the docker run option --user. It can be used to specify either a UID without a name:

docker run --user 1000

Or specify UID and GID without a name:

docker run --user 1000:100

or specify a name only without knowing which UID the user will get:

docker run --user newuser

You can combine both ways. Create a user in Dockerfile with specified (!) UID and GID and add him to all desired groups. Use matching docker run --user UID:GID, and your container user will have all attributes you gave him in the Dockerfile.


(I do not understand your approach with --security-opt label=user:newuser, either it is wrong or it is something I know nothing about.)

mviereck answered Nov 27 '25 14:11
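
The combined approach from the answer above, written out as an added example (not part of the original question or answer): the account is created with fixed numeric IDs, `USER` makes it the image default, and `--user` can name the same IDs at run time. The value 1000 for UID and GID and the build arguments APP_UID/APP_GID are assumptions chosen for illustration; the image tag and user name are taken from the question.

```dockerfile
# Added example. UID/GID 1000 and the ARG names are illustrative assumptions.
FROM ubuntu:16.04

# Pin the numeric IDs at build time so they are known when choosing --user.
ARG APP_UID=1000
ARG APP_GID=1000

# Create the group first, then the user with that primary group and a home
# directory it owns. System directories such as /usr/bin stay owned by root.
RUN groupadd --gid "${APP_GID}" newuser \
 && useradd --uid "${APP_UID}" --gid "${APP_GID}" \
            --create-home --home-dir /home/newuser \
            --shell /bin/bash newuser

# Steps that need root (package installation) belong above this line.
# Every RUN, CMD and ENTRYPOINT after USER runs as newuser.
USER newuser
WORKDIR /home/newuser

CMD ["/bin/bash"]

# Build:
#   docker build -t python-container .
# Run with the image's default user (set by the USER instruction above):
#   docker run -i -t python-container:latest /bin/bash
# Run with an explicit UID:GID matching the account created above:
#   docker run --user 1000:1000 -i -t python-container:latest /bin/bash
# Check which identity the container process runs with:
#   docker run --rm python-container:latest id
```

The `--security-opt label=user:...` option from the question sets the SELinux label user for the container; it does not select the Unix account the process runs as, which is what `USER` and `--user` control.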