Menu
I'm trying to switch user to the tomcat7 user in order to setup SSH certificates.
When I do su tomcat7, nothing happens.
whoami still ruturns root after doing su tomcat7
Doing a more /etc/passwd, I get the following result which clearly shows that a tomcat7 user exists:
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh messagebus:x:101:104::/var/run/dbus:/bin/false colord:x:102:105:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:103:106::/home/saned:/bin/false tomcat7:x:104:107::/usr/share/tomcat7:/bin/false What I'm trying to work around is this error in Hudson:
Command "git fetch -t git@________.co.za:_______/_____________.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Host key verification failed. This is my Dockerfile, it takes an existing hudson war file and config that is tarred and builds an image, hudson runs fine, it just can't access git due to certificates not existing for user tomcat7.
FROM debian:wheezy # install java on image RUN apt-get update RUN apt-get install -y openjdk-7-jdk tomcat7 # install hudson on image RUN rm -rf /var/lib/tomcat7/webapps/* ADD ./ROOT.tar.gz /var/lib/tomcat7/webapps/ # copy hudson config over to image RUN mkdir /usr/share/tomcat7/.hudson ADD ./dothudson.tar.gz /usr/share/tomcat7/ RUN chown -R tomcat7:tomcat7 /usr/share/tomcat7/ # add ssh certificates RUN mkdir /root/.ssh ADD ssh.tar.gz /root/ # install some dependencies RUN apt-get update RUN apt-get install --y maven RUN apt-get install --y git RUN apt-get install --y subversion # background script ADD run.sh /root/run.sh RUN chmod +x /root/run.sh # expose port 8080 EXPOSE 8080 CMD ["/root/run.sh"] I'm using the latest version of Docker (Docker version 1.0.0, build 63fe64c/1.0.0), is this a bug in Docker or am I missing something in my Dockerfile?
714
Manage Docker as a non-root user By default that Unix socket is owned by the user root and other users can only access it using sudo . The Docker daemon always runs as the root user. If you don't want to preface the docker command with sudo , create a Unix group called docker and add users to it.
You should not use su in a dockerfile, however you should use the USER instruction in the Dockerfile.
At each stage of the Dockerfile build, a new container is created so any change you make to the user will not persist on the next build stage.
For example:
RUN whoami RUN su test RUN whoami This would never say the user would be test as a new container is spawned on the 2nd whoami. The output would be root on both (unless of course you run USER beforehand).
If however you do:
RUN whoami USER test RUN whoami You should see root then test.
Alternatively you can run a command as a different user with sudo with something like
sudo -u test whoami But it seems better to use the official supported instruction.
89
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
