Running Docker Containers as Non-Root User

https://www.geeksforgeeks.org/running-docker-containers-as-non-root-user/

By default, Docker Containers run as Root Users. Now, if you are running applications inside Docker Containers, you have access to all the root privileges. This poses a great security threat when you deploy applications on large scale inside Docker Containers. Because if somehow your application gets hacked by external users, other applications running inside the Containers would also be a huge risk. Moreover, if your Docker Container is part of a network, then the whole network has the risk of getting hacked. To avoid this, you need to make sure that you run the Docker Containers as non-root users.

In this article, we will discuss two different ways using which you can create and add non-root users inside Docker Containers.

How to set non-root user

https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user

While any images or Dockerfiles that come from the Dev Containers extension will include a non-root user with a UID/GID of 1000 (typically either called vscode or node), many base images and Dockerfiles do not. Fortunately, you can update or create a Dockerfile that adds a non-root user into your container.

Running your application as a non-root user is recommended even in production (since it is more secure), so this is a good idea even if you're reusing an existing Dockerfile. For example, this snippet for a Debian/Ubuntu container will create a user called user-name-goes-here, give it the ability to use sudo, and set it as the default:

ARG USERNAME=user-name-goes-here
ARG USER_UID=1000
ARG USER_GID=$USER_UID

# Create the user
RUN groupadd --gid $USER_GID $USERNAME \
    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
    #
    # [Optional] Add sudo support. Omit if you don't need to install software after connecting.
    && apt-get update \
    && apt-get install -y sudo \
    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
    && chmod 0440 /etc/sudoers.d/$USERNAME

# ********************************************************
# * Anything else you want to do like clean up goes here *
# ********************************************************

# [Optional] Set the default user. Omit if you want to keep the default as root.
USER $USERNAME

Using sudo Command Inside the Container

https://www.baeldung.com/ops/root-user-password-docker-container

Docker containers typically run with root as the default user. To share resources with different privileges, we may need to create additional users inside a Docker container.

Here we'll create a Dockerfile, and add a new user. Importantly, we'll also install the sudo package in the Docker container while building the image. When this user needs extra privileges, it can access them using the sudo command.

Let's check out the Dockerfile:

FROM ubuntu:16.04
RUN apt-get update && apt-get -y install sudo
RUN useradd -m john && echo "john:john" | chpasswd && adduser john sudo
USER john
CMD /bin/bash

本栏目推荐文章
• Centos安装docker步骤
• A connection was successfully established with the server but then an error
• 记一次docker出全linux的内网渗透题目(仿照2023铸剑杯)
• mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; ERROR 1410 (42000): You are not allowed to create a user with GRANT
• org.springframework.kafka.listener.ListenerExecutionFailedException: Listener method could not be invoked with the incoming message
• k8s 将 cri 从 docker 切换到 containerd
• Dynamics 365 Finance & Operations with Power Automate
• 一文快速了解 Docker 和 Kubernetes
• Docker：docker部署influxdb时序数据库
• Docker：docker部署mqtt(eclipse-mosquitto:2.0.15)服务

priviledge docker with root nonpriviledge docker with root desktop docker using with docker命令 用户root database docker mysql with install docker kibana with docker volume with env docker images with priviledge non non-zero