Docker: Difference between revisions

From HPCWIKI
Line 12: Line 12:


Following command will run ubuntu image with current user who execute this command  <syntaxhighlight lang="bash">
Following command will run ubuntu image with current user who execute this command  <syntaxhighlight lang="bash">
$docker run -it --rm --volume $(pwd):/source --workdir /source --user $(id -u):$(id -g) ubuntu
$docker run -it --rm --volume /home/$USER:/home/$USER --workdir /home/$USER --user $(id -u):$(id -g) ubuntu
</syntaxhighlight>To extend this capability, following example enables execute user to login of their container using host UID/GID. <syntaxhighlight lang="bash">
</syntaxhighlight>To extend this capability, following example enables execute user to login of their container using host UID/GID. <syntaxhighlight lang="bash">
$ docker run --rm
$ docker run --rm
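Review bot: the new `--volume /home/$USER:/home/$USER` mount in the first command exposes the whole home directory read-write to the container, where the previous `$(pwd):/source` exposed only the current directory. A home directory typically also holds credentials such as SSH keys, so consider keeping the narrower mount, or appending `:ro` when the container only needs to read. As a style point, `$docker` should be written `$ docker`, matching the prompt used in the next example.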

Revision as of 09:26, 5 April 2023

Docker is a popular containerization tool. Docker containers are autonomous, lightweight, and portable, and they run on any host system that has Docker installed.

With Docker containers, users can isolate their applications from the underlying host system and its dependencies, making them more dependable and secure.

Set user in container

By default, Docker runs containers with a root user, which can create a security risk and cause permission issues when accessing files and directories.

It is a good idea to run the container as a non-root user with appropriate permissions.

Using the --user option of the docker run command

Docker offers the --user option to set the UID and GID of the user inside the container while it is running.

The following command runs the ubuntu image as the user who executes the command:

$ docker run -it --rm --volume /home/$USER:/home/$USER --workdir /home/$USER --user $(id -u):$(id -g) ubuntu

To extend this capability, the following example lets the executing user log in to their container using the host UID/GID.

# --user:    set the user's UID and GID in the container
# --workdir: set the working directory to the user's home
# --volume:  mount the host account files read-only for container authentication
#            (/etc/shadow holds the host's password hashes)
$ docker run --rm \
    --user $(id -u):$(id -g) \
    --workdir="/home/$USER" \
    --volume="/etc/group:/etc/group:ro" \
    --volume="/etc/passwd:/etc/passwd:ro" \
    --volume="/etc/shadow:/etc/shadow:ro" \
    ubuntu bash -c "whoami"

Set User in Dockerfile

With a custom Dockerfile, we can build new Docker images that define a specific user in the container.

# Base image
FROM alpine:latest
# ARG for the container user
ARG _USER=default_user
# Create the container user and group
RUN addgroup -S $_USER && adduser -S $_USER -G $_USER
# Set the container user
USER $_USER
CMD ["whoami"]

Then create the Docker image:

$ docker build --build-arg _USER=username -t dynamicuser .

To verify the user inside the container, run the image; it will show the username:

$ docker run --rm --name dynamicuser dynamicuser
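
The same check can be made before building, by reading the Dockerfile itself. The script below is an added example, not part of the original wiki page: `effective_user` and `check_nonroot` are hypothetical helper names, the sample Dockerfiles are constructed, and base images are assumed to run as root.

```shell
# Added example; effective_user and check_nonroot are hypothetical helper names.
# Print the USER the last build stage ends with. Assumes the base image runs
# as root, and resolves $NAME / ${NAME} from ARG defaults only: a --build-arg
# given at build time is not visible in the file.
effective_user() {
  awk '
    { instr = toupper($1) }
    instr == "FROM" { user = "root" }            # a new stage discards the earlier USER
    instr == "ARG"  { split($2, kv, "="); args[kv[1]] = kv[2] }
    instr == "USER" {
      user = $2
      for (name in args) {
        gsub("[$][{]" name "[}]", args[name], user)
        gsub("[$]" name, args[name], user)
      }
    }
    END { print user }
  ' "$1"
}

# Exit status 0: non-root; 1: root or empty; 2: USER not resolvable from the file.
check_nonroot() {
  u=$(effective_user "$1")
  u=${u%%:*}                                     # drop an optional :group suffix
  case "$u" in
    ""|root|0) echo "FAIL: $1 runs as root"; return 1 ;;
    *'$'*)     echo "WARN: $1 USER $u is not resolvable from ARG defaults"; return 2 ;;
    *)         echo "OK: $1 runs as $u"; return 0 ;;
  esac
}

# Constructed samples: the Dockerfile from this page, and a multi-stage file
# whose final stage sets no USER.
samples=$(mktemp -d)
cat > "$samples/page.Dockerfile" <<'EOF'
FROM alpine:latest
ARG _USER=default_user
RUN addgroup -S $_USER && adduser -S $_USER -G $_USER
USER $_USER
CMD ["whoami"]
EOF
cat > "$samples/multistage.Dockerfile" <<'EOF'
FROM alpine:latest AS build
USER 1000:1000
FROM alpine:latest
CMD ["whoami"]
EOF
check_nonroot "$samples/page.Dockerfile"
check_nonroot "$samples/multistage.Dockerfile" || true
```

The second sample fails because a USER set in an earlier build stage does not carry into the final stage, which is the one the container actually runs.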

Rootless mode

TBD
