Question
In my docker container I am running a command as a specific user like this from entrypoint.sh:
sudo -u appuser "$@"
This works fine, however, it doesn't set any of the environment variables that get created by using the --link option while running the container.
Question
Is it possible to set all environment variables that exist for a root user to some other specific user (in this example appuser)?
Note: related question to this discussion. This is the reason I can't just use the USER command: How to give non-root user in Docker container access to a volume mounted on the host
Answer 1:
The sudo command, because it is designed as a tool for privilege escalation, intentionally sanitizes the environment before switching to a new user id. If you take a look at the sudo man page, you'll find:
-E, --preserve-env Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.
So instead of sudo -u appuser somecommand, just use sudo -E -u appuser somecommand.
The runuser command is provided by the util-linux package in recent versions of Ubuntu, and does not perform any environment initialization by default. For example:
$ docker pull ubuntu
$ docker run -it --rm ubuntu /bin/bash
root@ded49ffde72e:/# runuser --help
Usage:
runuser [options] -u <user> <command>
runuser [options] [-] [<user> [<argument>...]]
[...]
This is with Ubuntu Xenial (but the runuser command also appears to be available on ubuntu:vivid, but is not available under ubuntu:trusty).
So your options are:
- Use sudo -E, or
- Use a more recent Ubuntu image
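Since sudo -E hands the entire root environment to appuser, an entrypoint can first reduce that environment to the --link variables plus a short allowlist. The script below is an added example, not part of the original answer; the alias DB and the names LINK_ALIAS, RUN_AS and KEEP_BASE are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. LINK_ALIAS, RUN_AS and KEEP_BASE
# are assumed values; set them to match the container.
LINK_ALIAS=DB               # alias from --link (Docker upper-cases it)
RUN_AS=appuser
KEEP_BASE="PATH TERM LANG"  # non-link variables the command still needs

# Print the names of the variables --link creates for one alias:
# <ALIAS>_NAME, <ALIAS>_PORT, <ALIAS>_PORT_<port>_<proto>[_ADDR|_PORT|_PROTO]
# and <ALIAS>_ENV_<name>. Reading awk's ENVIRON avoids parsing `env` output,
# where a multi-line value could imitate a NAME=value line.
link_var_names() {
    awk -v a="$1" 'BEGIN {
        re = "^" a "_(NAME|PORT(_[0-9]+_(TCP|UDP)(_(ADDR|PORT|PROTO))?)?|ENV_[A-Za-z0-9_]+)$"
        for (k in ENVIRON) if (k ~ re) print k
    }' | LC_ALL=C sort
}

# Unset every exported variable that is neither a link variable for the
# given alias nor listed in KEEP_BASE.
scrub_env() {
    scrub_keep=" $KEEP_BASE $(link_var_names "$1" | tr '\n' ' ')"
    for scrub_name in $(awk 'BEGIN {
        for (k in ENVIRON) if (k ~ /^[A-Za-z_][A-Za-z0-9_]*$/) print k }'); do
        case "$scrub_keep" in
            *" $scrub_name "*) ;;                       # allowlisted, keep
            *) unset "$scrub_name" 2>/dev/null || : ;;  # skip read-only names
        esac
    done
}

# Run only when given a command, as when used as the image ENTRYPOINT.
if [ "$#" -gt 0 ]; then
    # Build the final command first: positional parameters survive the scrub.
    set -- sudo -E -u "$RUN_AS" "$@"
    scrub_env "$LINK_ALIAS"
    # -E can now carry only the allowlisted variables over to RUN_AS.
    exec "$@"
fi
```

The <ALIAS>_ENV_* variables mirror the linked container's own environment, so check what that container exports before passing them on.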
Source: https://stackoverflow.com/questions/39402396/how-to-set-copy-all-environment-variables-from-root-user-to-another-specific-use