Follow me on twitter: emmanuelnk
WARNING: This is generally considered NOT SECURE and thus do not use the methods in this article in a production container.
I have a particular use case that justifies this usage. Now you can read on.
Recently I wrote a pure bash menu program that has install scripts for various Ubuntu software I use. This is to allow me to reproduce my dev environment as fast as possible on a new Ubuntu installation.
I want to release this program as an open source tool and for that reason it needs testing and CI. Docker is perfect for this. Except for one thing. Most docker images use user root
to execute commands. This is fine for most intent and purposes. But to appropriately test my program, I would need to be a non-root user inside the docker container.
Changing the root user
This is trivial and actually quite common in Dockerfiles. By default, most docker images, including ubuntu:latest
have USER
set to root
. This can be changed by creating a new user in a Dockerfile
by:
RUN useradd -ms /bin/bash newuser
# where
# -m -> Create the user's home directory
# -s /bin/bash -> Set as the user's
# default shell
USER newuser
This will create a newuser
without root privileges to run commands in the container.
NB: You can add && echo 'pa55w0rd' | chpasswd
right after the useradd
to set a password.
For my use case, I need the password disabled and I need to NOT be prompted for a password when using sudo
command. Now you may be asking, why would someone want to do this?
Well if you're using docker in CI and need to test certain commands being run as a regular user then this is the way. For example, on my machine, I am the USER=emmanuel
. I don't have root privileges and when I need to install something, I do sudo apt-get install
and enter my password to give me su access.
For my project, I'm trying to test install scripts as a regular user and thus these scripts use sudo
and variables such as $HOME
a lot ($HOME
for root
is /root
). Hence using the default that most docker images have, programs would not install in the correct locations or not install correctly at all. This is not good.
Anyway, enought talking. This is what my Dockerfile
looks like to accomplish this. Explanations in the comments.
# Get latest official Ubuntu image
FROM ubuntu
# ubuntu:latest does not have sudo
# fetch it and install it
RUN apt-get update && apt-get install -y sudo
# Create new user `docker` and disable
# password and gecos for later
# --gecos explained well here:
# https://askubuntu.com/a/1195288/635348
RUN adduser --disabled-password \
--gecos '' docker
# Add new user docker to sudo group
RUN adduser docker sudo
# Ensure sudo group users are not
# asked for a password when using
# sudo command by ammending sudoers file
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> \
/etc/sudoers
# now we can set USER to the
# user we just created
USER docker
# we can now run sudo commands
# as non-root user `docker` without
# password prompt
RUN sudo apt-get update
WORKDIR /home/docker/src
COPY . .
That's it. Thanks!
If you have suggestions, improvements or want to correct me, let me know in the comments!
If this helped you out, follow me on twitter: emmanuelnk
Top comments (2)
To my understanding,
%sudo ALL=(ALL) NOPASSWD:ALL
grantsnewuser
(and any other user eventually added to the sudo group) permission to execute absolutely any command without being asked for password. I'd rather do something like:The password setting was not successful. I had to use
&& echo 'newuser:pa55w0rd' | chpasswd
instead.