Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Store and Restore Inherited Dockerfile USER setting

Tags:

docker

dockerfile

I'm looking how can I store and restore the USER from an inherited docker image in a Dockerfile. My parent image for example specifies a default service and sets USER to serviceuser.

Now I have a depending image that inherits from the parent image, does some modifications as root, but want's to keep the docker image user to serviceuser.

I can do this manually:

parent Dockerfile:

from default
USER serviceuser
ENTRYPOINT ["some-service"]

other Dockerfile:

from parent
USER root
RUN apt-get install -y cool-stuff
USER serviceuser

However, this way when I change the user in parent I have to update all child images. Is there a way to dymaically do this in the child Dockerfile?

Other options I thought about are to use sudo in the child script or running the entrypoint as root (i.e. not setting USER) and doing the service user switch in the start script. But both have security implications.

like image 275
Elmar Weber Avatar asked Aug 13 '16 17:08

Elmar Weber

People also ask

Where do you store Dockerfiles?

The best way is to put the Dockerfile inside the empty directory and then add only the application and configuration files required for building the docker image. To increase the build's performance, you can exclude files and directories by adding a . dockerignore file to that directory as well.

What is difference between CMD and entrypoint?

Differences between CMD & ENTRYPOINT CMD commands are ignored by Daemon when there are parameters stated within the docker run command while ENTRYPOINT instructions are not ignored but instead are appended as command line parameters by treating those as arguments of the command.

What is the default user in Dockerfile?

The default user in a Dockerfile is the user of the parent image. For example, if your image is derived from an image that uses a non-root user example: swuser , then RUN commands in your Dockerfile will run as swuser .

What is docker Workdir?

The WORKDIR instruction sets a working directory for other Dockerfile instructions, such as RUN , CMD , and also the working directory for running instances of the container image. The WORKDIR instruction's format goes like this: Dockerfile Copy. WORKDIR <path to working directory>

1 Answers

If you are author of parent image you can do this like this:

ENV serviceuser=foo
RUN useradd $serviceuser
USER $serviceuser

child image:

USER root
RUN apt-get install -y cool-stuff
USER $serviceuser
like image 67
Mateusz Moneta Avatar answered Oct 20 '22 03:10

Mateusz Moneta
Sign in to Comment

Related questions

docker-compose - database migrations and other pre/post scripts
Using Ansible,Jenkins and docker to build fast test environments
Docker Toolbox - hang on `docker push`
How to build a Docker container with a running MySQL?
How can I find out how much space is used by my container images from the Google Container Registry
building docker image from dockerfile
Unable to ping docker container
docker Job for docker.service failed because the control process exited with error code
Can't connect to mySql docker container with JDBC
Unsatisfiable constraints when installing packages on docker alpine
Why do Docker official images not use USER as required by "best practices"
JMX and Debugging on Tomcat inside Docker
How can I structure my docker projects for easy deployment?
Docker rails mongodb NoServerAvailable
Docker Upgrade from v1.11 to v1.12 using apt-get on Ubuntu 14.04.4 LTS
Cannot Compile the typescript in Docker
Jenkins: running docker commands on a docker slave
Creating a swarm cluster with Docker for Mac
How should I handle Perl module updates when maintaining docker images?
Docker restart entrypoint

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!