Follow me on twitter: emmanuelnk
WARNING: This is generally considered NOT SECURE and thus do not use the methods in this article in a production container.
I have a particular use case that justifies this usage. Now you can read on.
Recently I wrote a pure bash menu program that has install scripts for various Ubuntu software I use. This is to allow me to reproduce my dev environment as fast as possible on a new Ubuntu installation.
I want to release this program as an open source tool and for that reason it needs testing and CI. Docker is perfect for this. Except for one thing. Most docker images use user
root to execute commands. This is fine for most intent and purposes. But to appropriately test my program, I would need to be a non-root user inside the docker container.
This is trivial and actually quite common in Dockerfiles. By default, most docker images, including
USER set to
root. This can be changed by creating a new user in a
RUN useradd -ms /bin/bash newuser # where # -m -> Create the user's home directory # -s /bin/bash -> Set as the user's # default shell USER newuser
This will create a
newuser without root privileges to run commands in the container.
NB: You can add
&& echo 'pa55w0rd' | chpasswd right after the
useradd to set a password.
For my use case, I need the password disabled and I need to NOT be prompted for a password when using
sudo command. Now you may be asking, why would someone want to do this?
Well if you're using docker in CI and need to test certain commands being run as a regular user then this is the way. For example, on my machine, I am the
USER=emmanuel. I don't have root privileges and when I need to install something, I do
sudo apt-get install and enter my password to give me su access.
For my project, I'm trying to test install scripts as a regular user and thus these scripts use
sudo and variables such as
$HOME a lot (
/root). Hence using the default that most docker images have, programs would not install in the correct locations or not install correctly at all. This is not good.
Anyway, enought talking. This is what my
Dockerfile looks like to accomplish this. Explanations in the comments.
# Get latest official Ubuntu image FROM ubuntu # ubuntu:latest does not have sudo # fetch it and install it RUN apt-get update && apt-get install -y sudo # Create new user `docker` and disable # password and gecos for later # --gecos explained well here: # https://askubuntu.com/a/1195288/635348 RUN adduser --disabled-password \ --gecos '' docker # Add new user docker to sudo group RUN adduser docker sudo # Ensure sudo group users are not # asked for a password when using # sudo command by ammending sudoers file RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> \ /etc/sudoers # now we can set USER to the # user we just created USER docker # we can now run sudo commands # as non-root user `docker` without # password prompt RUN sudo apt-get update WORKDIR /home/docker/src COPY . .
That's it. Thanks!
If you have suggestions, improvements or want to correct me, let me know in the comments!
If this helped you out, follow me on twitter: emmanuelnk