Running Docker Containers as Non-Root User
https://www.geeksforgeeks.org/running-docker-containers-as-non-root-user/
By default, Docker containers run as the root user. If you are running applications inside Docker containers, you therefore have access to all the root privileges. This poses a great security threat when you deploy applications at large scale inside Docker containers, because if your application somehow gets hacked by external users, other applications running inside the containers would also be at huge risk. Moreover, if your Docker container is part of a network, then the whole network is at risk of getting hacked. To avoid this, you need to make sure that you run the Docker containers as non-root users.
In this article, we will discuss two different ways in which you can create and add non-root users inside Docker containers.
How to set non-root user
https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user
While any images or Dockerfiles that come from the Dev Containers extension will include a non-root user with a UID/GID of 1000 (typically either called vscode or node), many base images and Dockerfiles do not. Fortunately, you can update or create a Dockerfile that adds a non-root user into your container. Running your application as a non-root user is recommended even in production (since it is more secure), so this is a good idea even if you're reusing an existing Dockerfile. For example, this snippet for a Debian/Ubuntu container will create a user called user-name-goes-here, give it the ability to use sudo, and set it as the default:
    ARG USERNAME=user-name-goes-here
    ARG USER_UID=1000
    ARG USER_GID=$USER_UID

    # Create the user
    RUN groupadd --gid $USER_GID $USERNAME \
        && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
        #
        # [Optional] Add sudo support. Omit if you don't need to install software after connecting.
        && apt-get update \
        && apt-get install -y sudo \
        && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
        && chmod 0440 /etc/sudoers.d/$USERNAME

    # ********************************************************
    # * Anything else you want to do like clean up goes here *
    # ********************************************************

    # [Optional] Set the default user. Omit if you want to keep the default as root.
    USER $USERNAME
Using sudo Command Inside the Container
https://www.baeldung.com/ops/root-user-password-docker-container
Docker containers typically run with root as the default user. To share resources with different privileges, we may need to create additional users inside a Docker container.
Here we'll create a Dockerfile, and add a new user. Importantly, we'll also install the sudo package in the Docker container while building the image. When this user needs extra privileges, it can access them using the sudo command.
Let's check out the Dockerfile:
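    FROM ubuntu:16.04
    # Install sudo while building the image
    RUN apt-get update && apt-get -y install sudo
    # Create user john with password "john" (set at build time) and add it to the sudo group
    RUN useradd -m john && echo "john:john" | chpasswd && adduser john sudo
    # Run the container as john instead of root
    USER john
    CMD /bin/bash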
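Both Dockerfiles above end with a USER instruction but also grant sudo, so a check before building needs to look at both. The following is an added example, not code from the quoted articles: a small Dockerfile audit that resolves the effective user of the final stage and flags the sudo and password patterns seen on this page. The names audit_dockerfile, logical_lines and expand are hypothetical, and it assumes the base image runs as root and that only ARG defaults are used (no --build-arg overrides).

```python
import re

# Constructed sample modelled on the snippets above (image tag and user name are made up).
SAMPLE = r"""FROM debian:12
ARG USERNAME=dev
RUN useradd -m $USERNAME \
    # optional sudo support
    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME
USER $USERNAME
"""

def logical_lines(text):
    """Yield instructions with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        s = raw.strip()
        if not s or s.startswith("#"):
            continue  # Docker also drops comment lines inside a continued RUN
        buf += s.rstrip("\\") + " "
        if not s.endswith("\\"):
            yield buf.strip()
            buf = ""

def expand(value, args):  # substitute $NAME / ${NAME} with ARG defaults seen so far
    return re.sub(r"\$\{?(\w+)\}?", lambda m: args.get(m.group(1), m.group(0)), value)

def audit_dockerfile(text):
    """Return (effective user of the final stage, findings). Hypothetical helper."""
    args, user, findings = {}, "root", []
    for line in logical_lines(text):
        instr, rest = (line.split(None, 1) + [""])[:2]
        instr = instr.upper()
        if instr == "FROM":
            args, user = {}, "root"  # assumption: the base image itself runs as root
        elif instr == "ARG" and "=" in rest:
            name, value = rest.split("=", 1)
            args[name] = expand(value, args)
        elif instr == "USER":
            user = expand(rest, args).split(":")[0]
        elif instr == "RUN":
            if "NOPASSWD" in rest:
                findings.append("passwordless sudo")
            if re.search(r"\b(adduser|usermod|gpasswd)\b.*\bsudo\b", rest):
                findings.append("user added to sudo group")
            if "chpasswd" in rest:
                findings.append("password set at build time")
    if user in ("root", "0"):
        findings.append("final stage runs as root")
    return user, findings
```

Calling audit_dockerfile(SAMPLE) reports the non-root user together with the passwordless sudo rule, which is the combination that leaves the USER instruction with little effect on privilege.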
From: https://www.cnblogs.com/lightsong/p/17539450.html