
Understanding Docker user/uid creation

Even after going through a lot of material and SO answers, I'm still not clear on Docker uid/user usage or implementation.

I understand the below points:

  1. An instance of an image is called a container.
  2. uid/gid is maintained by the underlying kernel, not by the container.
  3. The kernel understands uid/gid numbers, not usernames/group names; the name is an alias, just for human readability.
  4. All containers are processes maintained by the Docker daemon and will be visible as processes on the host machine (ps -ef).
  5. root (id = 0) is the default user within a container, and this can be changed either by the USER instruction in the Dockerfile or by passing the -u flag to docker run.

With all of the above said, when I have the command below in my Dockerfile, I presume that a new user (my-user) will be created with an incremented uid.

    RUN addgroup my-group && adduser -D my-user -G my-group

  • What happens if I run the same image multiple times, i.e. multiple containers? Will the same uid be assigned to all processes?

  • What happens if I add the same command above in another image and run that image as a container? Will I get a new uid or the same uid as the previous one?

  • How does the uid increment happen in the container in relation to the host machine?

Any pointers would be helpful.

Haran asked Apr 09 '19 04:04


1 Answer

Absent user namespace remapping, there are only two things that matter:

  1. What the numeric user ID is; and
  2. What's in the /etc/passwd file.

Remember that each container and the host have separate filesystems, so each of these things could have separate /etc/passwd files.

What happens if I run the same image multiple times, i.e. multiple containers? Will the same uid be assigned to all processes?

Yes, because each container gets a copy of the same /etc/passwd file from the image.

What happens if I add the same command above in another image and run that image as a container? Will I get a new uid or the same uid as the previous one?

It depends on what adduser actually does; it could be the same or different.

How does the uid increment happen in the container in relation to the host machine?

They're completely and totally independent.

Also remember that you can docker push/docker pull a built image to run it on a different host. That will bring the image's /etc/passwd file along with it, but the host environment could be totally different. Correspondingly, it's not a best practice to try to match some specific host's uid mapping in a Dockerfile, because it will be wrong if you try to run the same image anywhere else.

David Maze answered Oct 02 '22 11:10
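
The answer's two points (the numeric uid, and whichever /etc/passwd is consulted) can be modelled without Docker. This is an added example, not part of the question or answer: the passwd contents, user names and helper functions are constructed, and the allocation rule (first unused uid at or above 1000) is an assumed simplification of what adduser does.

```shell
#!/bin/sh
# Constructed /etc/passwd contents: two hypothetical images and one host.
IMAGE_A='root:x:0:0:root:/root:/bin/ash
nobody:x:65534:65534:nobody:/:/sbin/nologin'
IMAGE_B='root:x:0:0:root:/root:/bin/ash
app:x:1000:1000:app:/home/app:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin'
HOST='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# Assumed allocation rule: first uid at or above 1000 that this passwd
# content does not already use. Real adduser implementations may differ.
next_uid() {   # $1 = passwd content
    printf '%s\n' "$1" | awk -F: '
        { used[$3] = 1 }
        END { uid = 1000; while (uid in used) uid++; print uid }'
}

# Model of the RUN line: append the user with the next free uid and print
# the resulting passwd content (gid handling is simplified to gid = uid).
add_user() {   # $1 = passwd content, $2 = user name
    new_uid=$(next_uid "$1")
    printf '%s\n%s:x:%s:%s::/home/%s:/sbin/nologin\n' \
        "$1" "$2" "$new_uid" "$new_uid" "$2"
}

# Resolve a numeric uid to a name against one passwd content; a uid with
# no entry stays numeric, which is how ls and ps display it.
name_for_uid() {   # $1 = passwd content, $2 = numeric uid
    printf '%s\n' "$1" | awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }'
}

built_a=$(add_user "$IMAGE_A" my-user)
built_b=$(add_user "$IMAGE_B" my-user)
echo "image A: my-user gets uid $(next_uid "$IMAGE_A")"
echo "image B: my-user gets uid $(next_uid "$IMAGE_B")"
# The same kernel-level uid 1000 under three different passwd files:
for view in "$built_a" "$built_b" "$HOST"; do
    echo "uid 1000 resolves to: $(name_for_uid "$view" 1000)"
done
```

Every container started from image A sees the same baked-in entry, while the identical RUN line in image B lands on a different uid because that image's passwd file already uses 1000.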