9

I'm creating a docker file from ubuntu:bionic image.

I want an ubuntu user with sudo privileges.

This is my Dockerfile

FROM ubuntu:bionic

ENV DEBIAN_FRONTEND noninteractive

# Get the basic stuff
RUN apt-get update && \
    apt-get -y upgrade && \
    apt-get install -y \
    sudo

# Create ubuntu user with sudo privileges
RUN useradd -ms /bin/bash ubuntu && \
    usermod -aG sudo ubuntu

# Set as default user
USER ubuntu
WORKDIR /home/ubuntu

ENV DEBIAN_FRONTEND teletype

CMD ["/bin/bash"]

But with this aproach I need to write the password of ubuntu user.

There is a way to add NOPASSWD clausule to sudo group in sudoers file by command line?

Improve this question
2
  • 1
    You shouldn't ever need sudo in Docker: a container only runs one process, and when you launch it you can explicitly specify the user at the docker run command line (or, if you need a debugging shell, docker exec -u can launch it as an alternate user). What's the application you're trying to package, and how does it need sudo? Does How to use sudo inside a docker container? have enough information for you? Commented Dec 23, 2020 at 16:05
  • You are rigth. But itis not my call. Commented Dec 23, 2020 at 16:09

2 Answers 2

Reset to default
22

First, you are not suggested to use sudo in docker. You could well design your behavior using USER + gosu.

But, if you insist for some uncontrolled reason, just add next line after you setup normal user:

RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

So for your scenario, the workable one is:

FROM ubuntu:bionic

ENV DEBIAN_FRONTEND noninteractive

# Get the basic stuff
RUN apt-get update && \
    apt-get -y upgrade && \
    apt-get install -y \
    sudo

# Create ubuntu user with sudo privileges
RUN useradd -ms /bin/bash ubuntu && \
    usermod -aG sudo ubuntu
# New added for disable sudo password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Set as default user
USER ubuntu
WORKDIR /home/ubuntu

ENV DEBIAN_FRONTEND teletype

CMD ["/bin/bash"]

Test the effect:

$ docker build -t abc:1 .
Sending build context to Docker daemon  2.048kB
Step 1/9 : FROM ubuntu:bionic
......
Successfully built b3aa0793765f
Successfully tagged abc:1

$ docker run --rm abc:1 cat /etc/sudoers
cat: /etc/sudoers: Permission denied

$ docker run --rm abc:1 sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
......
#includedir /etc/sudoers.d
%sudo ALL=(ALL) NOPASSWD:ALL

You could see with sudo, we could already execute a root-needed command.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I found that the previous ways that was not working, for that I needed to change to this:

ARG DOCKER_USER=default_user
ARG DOCKER_USERID=default_userid

# Set the default user with the same GID and UID for
# improve clean permission executions between the host and the container:

RUN mkdir -p /workspace && \
    useradd -d /opt/workspace -u $DOCKER_USERID $DOCKER_USER  && \
    usermod -aG sudo $DOCKER_USER && \
    chown -R $DOCKER_USER:$DOCKER_USER /workspace

# NOTE:
# sudo grant but using concatenate
# because the old way was not working:
 
RUN echo -n $DOCKER_USER >> /etc/sudoers && echo ' ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

USER ${DOCKER_USER}

WORKDIR /workspace

and you should need pass the user and userid maybe like this:
docker run --rm -i --user="$(id -u):$(id -g)" -v "$PWD":/workspace "$IMAGE" "$@"

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.