Running a Container as Non-root

By default, a container starts as the root user. Being root in the container means you can do anything you want to the container’s file system. There are reasons why you may not want this, from both a security and an application point of view.

To be a non-root user within the container, you can use the --user flag when executing the run command.

To run the container as your current host user, you can use --user=$(id -u):$(id -g). However, if that user does not exist in the container, the username will be shown as “I have no name!”

To add a user to the container as part of the initialization, you can:

  • Pass in a useradd command via an entrypoint file, or
  • Create the user and commit it as part of the image (non-portable)
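
The first option, sketched as an entrypoint script. This is an added example, not code from the original post; it assumes the image ships useradd/groupadd and setpriv (util-linux), and the names HOST_UID, HOST_GID and "app" are hypothetical.

```shell
#!/bin/sh
# entrypoint.sh (added example): create the caller's UID/GID at start-up, then drop root.
# Assumptions: useradd/groupadd (shadow) and setpriv (util-linux) are installed;
# HOST_UID, HOST_GID and the account name "app" are hypothetical names.
set -eu

# True only for a plain decimal number, so the value can never be read as an option.
is_numeric_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# True if field 3 (the UID in passwd, the GID in group) of file $2 equals $1.
id_in_file() {
    cut -d: -f3 "$2" | grep -Fqx -- "$1"
}

main() {
    uid="${HOST_UID:-}"; gid="${HOST_GID:-}"
    if ! is_numeric_id "$uid" || ! is_numeric_id "$gid"; then
        echo "entrypoint: HOST_UID and HOST_GID must be numeric" >&2; exit 64
    fi
    if [ "$uid" -eq 0 ]; then
        echo "entrypoint: refusing to run the application as root" >&2; exit 64
    fi
    # Add entries only when missing, so restarting the container is harmless.
    id_in_file "$gid" /etc/group || groupadd -g "$gid" app
    id_in_file "$uid" /etc/passwd || useradd -u "$uid" -g "$gid" -M -s /usr/sbin/nologin app
    # exec replaces this root shell, so no root process is left behind.
    exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
}

# Run only when a command is passed (ENTRYPOINT script plus CMD or run arguments).
[ "$#" -eq 0 ] || main "$@"
```

The container has to start as root for useradd to work, so pass the IDs with -e HOST_UID=$(id -u) -e HOST_GID=$(id -g) instead of --user; the script then drops to that user before the application starts.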