4

I created a Dockerfile

FROM       ubuntu:latest

as the parent image.

Later the Dockerfile creates a new group and user without sudo privileges via

RUN groupadd -r myappuser -g 433
RUN useradd -u 431 -r -g myappuser -d /opt/myapp -s /bin/false -c "my app user" myappuser

Before executing the application I switch to this new

USER       myappuser

Question: Does this setting make it possible to gain root privileges again once the image is build and the container is running (with e.g. docker exec -it)?

Improve this question
3
  • Related answer: stackoverflow.com/a/27703359/1725096 Commented Feb 20, 2015 at 10:26
  • just a though, can you add the user to sudoers or is that not what you are looking for? Commented Feb 20, 2015 at 13:53
  • Since this user is dedicated for running the main application it should not have full privileges .. Commented Feb 20, 2015 at 16:20

1 Answer 1

Reset to default
3

If you don't want to use sudo, you could have a Dockerfile without USER (so it runs the command as root) and CMD pointing to a script that does the user switching, that way a docker exec would run as root.

Other way is to set the root password and use su. An example of doing that is in the tutum images

https://github.com/tutumcloud/tutum-centos/blob/master/set_root_pw.sh

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.