 

useradd not in amazonlinux base image

It seems that useradd is not in amazonlinux docker base image.

useradd works when my Dockerfile installs openldap-devel, so RUN useradd my_user works when my image has the following:

FROM amazonlinux

RUN yum -y install python3 \
    gcc \
    python3-pip \
    python3-devel \
    openldap-devel

When my image is just built from

FROM amazonlinux

RUN yum -y install python3 \
    gcc \
    python3-pip \
    python3-devel 

The command RUN useradd my_user fails with the error message /bin/sh: useradd: command not found

How do I install useradd in an amazonlinux base image without having to install all of openldap-devel?

Demeter P. Chen asked Jul 17 '19 09:07


2 Answers

I managed to figure out what package useradd belongs to by running the following command on an AmazonLinux EC2 machine:

$ yum whatprovides /usr/sbin/useradd

2:shadow-utils-4.1.5.1-24.amzn2.x86_64 : Utilities for managing accounts and shadow password files
Repo        : amzn2-core
Matched from:
Filename    : /usr/sbin/useradd

So changing my Dockerfile to the following made it work:

FROM amazonlinux

RUN yum -y install python3 \
    python3-pip \
    shadow-utils

Demeter P. Chen answered Nov 18 '22 07:11


You can use the shadow-utils package, as Demeter has pointed out.

In my case, installing shadow-utils took too long in order to create my docker image, because it installed many dependencies. So I'll give you 2 alternatives:

1 - Use docker USER command:

You can do this in your Dockerfile:

FROM amazoncorretto:11.0.14-al2
USER 1000

This will allow you to start the container with a non-root user. From here, you can see that you don't need the user to exist. The downside is that this user has no name and no $HOME. I think this would usually be ok, but if there's any software in the container that needs a $HOME folder, it could give some problems.

2 - Use an existing user:

In the container, if you run cat /etc/passwd you'll see a list of existing users. Usually you'll have the nobody user that has the least permissions. So in your Dockerfile you can do:

FROM amazoncorretto:11.0.14-al2
USER nobody

and you're good 🔥

Yair Kukielka answered Nov 18 '22 06:11
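
An added example, not part of either answer: a Dockerfile that keeps the numeric-UID approach from the second answer but gives that UID a name and a writable $HOME without installing shadow-utils, by appending the account entries directly. The user and group name `app`, UID/GID 1000 and the path /home/app are assumptions chosen for illustration; it also assumes UID 1000 is not already present in the base image's /etc/passwd.

```dockerfile
FROM amazoncorretto:11.0.14-al2

# Assumed for this example: account "app", UID/GID 1000, home /home/app.
# Appending the passwd and group entries by hand gives UID 1000 a name and
# a home directory without useradd (and so without shadow-utils).
# The "x" password field with no /etc/shadow entry means no password login,
# and /bin/false as the shell means no interactive login.
RUN echo 'app:x:1000:1000:app user:/home/app:/bin/false' >> /etc/passwd \
 && echo 'app:x:1000:' >> /etc/group \
 && mkdir -p /home/app \
 && chown 1000:1000 /home/app \
 && chmod 0750 /home/app

# Set HOME explicitly so software that reads $HOME finds a directory
# the non-root user can write to.
ENV HOME=/home/app
WORKDIR /home/app

# Everything from here on, including the container's main process,
# runs as the unprivileged UID. The numeric form does not depend on
# name lookup inside the image.
USER 1000:1000
```

Running `id` and `echo $HOME` in a container built from this image should report uid 1000 under the name `app` and /home/app.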