Docker

From HPCWIKI
Revision as of 09:11, 5 April 2023 by Admin

Docker is a popular containerization tool. Docker containers are autonomous, lightweight, and portable, operating on any host system installed with Docker.

With Docker containers, users can segregate their applications from the fundamental host system and dependencies, rendering them more dependable and secure.

Set user in container

By default, Docker runs containers with a root user, which can create a security risk and cause permission issues when accessing files and directories.

It is a good idea to make the container user a non-root user with appropriate permissions.

Using the --user option of the docker run command

Docker offers the --user option to set the user ID and group ID of the user inside the container at run time.

The following command runs the ubuntu image as the user who executes the command (the current working directory is mounted as /source):

$ docker run -it --rm --volume $(pwd):/source --workdir /source --user $(id -u):$(id -g) ubuntu

To extend this, the following example also makes the invoking user known by name inside the container, so that user is recognised as if logged in rather than appearing as an unknown numeric UID:

# --user sets the user's UID and GID inside the container
# --workdir sets the working directory to the user's home directory
# the read-only mounts of /etc/group and /etc/passwd let the container resolve the host UID/GID to names
# /etc/shadow is only needed if a process in the container has to verify passwords; omit it otherwise
$ docker run --rm \
    --user $(id -u):$(id -g) \
    --workdir="/home/$USER" \
    --volume="/etc/group:/etc/group:ro" \
    --volume="/etc/passwd:/etc/passwd:ro" \
    --volume="/etc/shadow:/etc/shadow:ro" \
    ubuntu bash -c "whoami"
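The two commands above are easy to get wrong when typed by hand (a forgotten --user silently runs the job as root again). The following wrapper is an added example, not part of the HPCWIKI page: it runs any image and command as the invoking host user, refuses uid 0, and mounts only /etc/passwd and /etc/group read-only (name resolution does not need /etc/shadow). It assumes Docker is installed on the host when actually executed; the image name and command are the caller's choice, and DRY_RUN=1 prints the command line instead of running it.

```shell
#!/bin/sh
# Added example, not from the HPCWIKI page: run a command in a container as the
# invoking host user, so files written to the bind-mounted working directory
# belong to that user instead of root.
# Assumptions: Docker is installed on the host when the wrapper is really run;
# the image name and command are supplied by the caller.

# Refuse uid 0: running as root would defeat the purpose of the wrapper.
assert_non_root_uid() {
    if [ "$1" = 0 ]; then
        echo "refusing to run the container as root (uid 0)" >&2
        return 1
    fi
    return 0
}

# Build the fixed docker run options for a uid, gid and host directory.
# /etc/passwd and /etc/group are mounted read-only so the uid resolves to a
# name inside the container; /etc/shadow is deliberately not mounted because
# name resolution does not need password hashes.
user_run_opts() {
    printf '%s' "--user $1:$2 --volume $3:/source --workdir /source --volume /etc/passwd:/etc/passwd:ro --volume /etc/group:/etc/group:ro"
}

# run_as_user UID GID IMAGE [COMMAND...]
# With DRY_RUN=1 the docker command line is printed instead of executed.
run_as_user() {
    uid=$1; gid=$2; image=$3; shift 3
    assert_non_root_uid "$uid" || return 1
    opts=$(user_run_opts "$uid" "$gid" "$(pwd)")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "docker run --rm $opts $image $*"
        return 0
    fi
    # $opts is unquoted on purpose: it is a list of words. Host paths with
    # spaces are not supported by this simple wrapper.
    docker run --rm $opts "$image" "$@"
}

# run_as_me IMAGE [COMMAND...]: run as the current host user and group.
run_as_me() {
    run_as_user "$(id -u)" "$(id -g)" "$@"
}

# Usage: run_as_me ubuntu id
# Inside the container, id shows the host uid/gid and, thanks to the passwd
# mount, the host user name as well.
```

Files created under /source by the command are then owned by the host user; a quick way to confirm is to run `run_as_me ubuntu touch /source/probe` and check the owner of probe on the host.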

Set User in Dockerfile

With a custom Dockerfile, we can build a new Docker image that defines a specific non-root user for the container. Note that Dockerfile comments are only recognised at the start of a line, so they are placed above each instruction:

# base image
FROM alpine:latest
# build argument for the container user name
ARG _USER=default_user
# create the container group and user (system account, no password)
RUN addgroup -S $_USER && adduser -S $_USER -G $_USER
# run the remaining build steps and the container as that user
USER $_USER
CMD ["whoami"]

Then create the Docker image:

$ docker build --build-arg _USER=username -t dynamicuser .

Running the image shows the username of the user inside the container:

$ docker run --rm --name dynamicuser dynamicuser
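Whether an image really defaults to a non-root user is something to verify rather than assume, especially when the user name comes from a build argument. The script below is an added example, not from the HPCWIKI page: a static check that reports the effective USER of a Dockerfile (the last USER instruction wins), and an image-level check that reads the configured user from docker inspect and rejects unset, root or uid 0 in all the forms Docker accepts (name, uid, name:group, uid:gid). It assumes Docker is installed for the inspect step and that the image (for instance dynamicuser from the page) has already been built; the Dockerfile used in the usage comment is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HPCWIKI page: verify that a Dockerfile and the
# image built from it run as a non-root user.

# Decide whether a USER value (as reported by
# docker inspect --format '{{.Config.User}}') is an unprivileged user.
# Returns 0 for a non-root user, 1 for: empty (Docker defaults to root),
# "root", uid 0, or any of these with a ":group" suffix.
is_nonroot_user() {
    user=${1%%:*}                 # drop any ":group" or ":gid" suffix
    case "$user" in
        ''|root|0) return 1 ;;    # unset, root by name, or uid 0
        *)         return 0 ;;
    esac
}

# Static check on a Dockerfile: print the argument of the last USER
# instruction (the one in effect when the container starts). Values such as
# "$_USER" are printed unresolved, so this is a first screen only; the image
# check below is authoritative.
dockerfile_effective_user() {
    awk 'toupper($1) == "USER" { u = $2 } END { print u }' "$1"
}

# Query a built image and apply the check. Exit status: 0 ok, 1 runs as root,
# 2 image could not be inspected.
audit_image_user() {
    image=$1
    user=$(docker inspect --format '{{.Config.User}}' "$image") || return 2
    if is_nonroot_user "$user"; then
        echo "$image: runs as '$user' (ok)"
    else
        echo "$image: runs as root (USER is '${user:-unset}')" >&2
        return 1
    fi
}

# Usage, assuming the image from the page was built with
# docker build --build-arg _USER=username -t dynamicuser .:
#   dockerfile_effective_user Dockerfile   # prints $_USER (unresolved ARG)
#   audit_image_user dynamicuser           # prints "dynamicuser: runs as 'username' (ok)"
```

The image-level check only covers the image default: a caller can still override it with --user at run time, so the check belongs in a CI or image-admission step alongside a policy on how containers are launched.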

Rootless mode

TBD

Reference