Connect to docker container as user other than root

没有蜡笔的小新 2020-12-13 01:38

By default when you run

docker run -it [myimage]

OR

docker attach [mycontainer]

you connect to the terminal as r

9 Answers
  • 2020-12-13 01:52

    My solution:

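    #!/bin/bash
    # Commands to run inside the container, passed as arguments to this script.
    user_cmds="$*"
    
    # UID is a read-only variable in bash, so use distinct names for the host IDs.
    HOST_GID=$(id -g "$USER")
    HOST_UID=$(id -u "$USER")
    # Temporary script in the current directory, which is mounted at /cmd below.
    RUN_SCRIPT=$(mktemp -p "$(pwd)")
    (
    cat << EOF
    addgroup --gid $HOST_GID $USER
    useradd --no-create-home --home /cmd --gid $HOST_GID --uid $HOST_UID  $USER
    cd /cmd
    runuser -l $USER -c "${user_cmds}"
    EOF
    ) > "$RUN_SCRIPT"
    
    # Remove the temporary script when this wrapper exits.
    trap 'rm -f "$RUN_SCRIPT"' EXIT
    
    docker run -v "$(pwd)":/cmd --rm my-docker-image "bash /cmd/$(basename "${RUN_SCRIPT}")"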
    

    This allows the user to run arbitrary commands using the tools provided by my-docker-image. Note how the user's current working directory is volume mounted to /cmd inside the container.

    I am using this workflow to allow my dev-team to cross-compile C/C++ code for the arm64 target, whose bsp I maintain (the my-docker-image contains the cross-compiler, sysroot, make, cmake, etc). With this a user can simply do something like:

    cd /path/to/target_software
    cross_compile.sh "mkdir build; cd build; cmake ../; make"
    

    Where cross_compile.sh is the script shown above. The addgroup/useradd machinery allows user-ownership of any files/directories created by the build.

    While this works for us, it seems sort of hacky. I'm open to alternative implementations ...

  • 2020-12-13 01:55

    The only way I am able to make it work is by:

    docker run -it -e USER=$USER -v /etc/passwd:/etc/passwd -v `pwd`:/siem mono bash
    su - magnus
    

    So I have to both specify the $USER environment variable as well as point to the /etc/passwd file. In this way, I can compile in the /siem folder and retain ownership of files there, not as root.

  • 2020-12-13 02:03

    You can specify USER in the Dockerfile. All subsequent actions will be performed using that account. You can specify USER one line before the CMD or ENTRYPOINT if you only want to use that user when launching a container (and not when building the image). When you start a container from the resulting image, you will attach as the specified user.

  • 2020-12-13 02:03

    Execute command as www-data user: docker exec -t --user www-data container bash -c "ls -la"

  • 2020-12-13 02:06

    You can run a shell in a running docker container using a command like:

    docker exec -it --user root <container id> /bin/bash

  • 2020-12-13 02:09

    This solved my use case that is: "Compile webpack stuff in nodejs container on Windows running Docker Desktop with WSL2 and have the built assets under your currently logged in user."

    docker run -u 1000 -v "$PWD":/build -w /build node:10.23 /bin/sh -c 'npm install && npm run build'
    

    Based on the answer by eigenfield. Thank you!

    Also this material helped me understand what is going on.

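An added example, not part of the thread or any poster's code: a POSIX sh wrapper that generalizes the hard-coded `-u 1000` answer and avoids the `useradd` step of the first answer by passing the caller's UID:GID to `--user`. The function name, the `HOST_UID`/`HOST_GID`/`DRY_RUN` variables and the `no-new-privileges` option are assumptions of this example; `my-docker-image` and the `/cmd` mount point are taken from the first answer.

```shell
#!/bin/sh
# Added example, not from the thread. Defines one function; nothing runs on load.
# Usage: run_as_caller my-docker-image 'mkdir build; cd build; cmake ../; make'

# run_as_caller IMAGE COMMANDS
# Runs COMMANDS in IMAGE as the invoking host user's UID:GID, with the current
# directory mounted at /cmd (the mount point used in the first answer).
# HOST_UID/HOST_GID (overrides) and DRY_RUN (print instead of run) are
# hypothetical knobs introduced for this example.
run_as_caller() {
    image=$1
    cmds=$2
    uid=${HOST_UID:-$(id -u)}
    gid=${HOST_GID:-$(id -g)}

    # Accept numeric IDs only, so nothing unexpected reaches --user.
    for id in "$uid" "$gid"; do
        case $id in
            ''|*[!0-9]*) echo "non-numeric uid/gid: $id" >&2; return 2 ;;
        esac
    done
    # Under sudo, id -u is 0: the build would run as container root and leave
    # root-owned files in the mounted directory. Refuse instead.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run the container as uid 0" >&2
        return 1
    fi

    # --user needs no account inside the image; HOME points at the mount
    # because a UID without a passwd entry has no writable home directory.
    # no-new-privileges keeps setuid binaries such as su from raising privileges.
    set -- docker run --rm \
        --user "$uid:$gid" \
        --security-opt no-new-privileges \
        -e HOME=/cmd \
        -v "$PWD:/cmd" -w /cmd \
        "$image" sh -c "$cmds"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"      # show the command line without starting a container
    else
        "$@"
    fi
}
```

Files created under `/cmd` are owned by the caller on the host because the process in the container runs with the caller's numeric IDs, so no `/etc/passwd` mount or in-container account is needed.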