Adding capabilities to containers running as non-root users

General
2

I am replying my own thread: this worked:

# cat Dockerfile
FROM centos:7
RUN setcap cap_chown+ie /usr/bin/chown
RUN useradd blah
RUN useradd tester
 
# docker build -t chown-image:1.0.0 .
 
# docker container run --rm -it -u blah chown-image:1.0.0 bash
[blah@55cdc998b62e /]$ whoami
blah
[blah@55cdc998b62e /]$ touch file.txt
[blah@55cdc998b62e /]$ ls -al file.txt
-rw-r--r-- 1 blah blah 0 Oct  2 19:35 file.txt
[blah@55cdc998b62e /]$ chown blah:tester file.txt
[blah@55cdc998b62e /]$ ls -al file.txt
-rw-r--r-- 1 blah tester 0 Oct  2 19:35 file.txt
4 Likes