Docker is running container as _apt user

rimelek · November 13, 2021, 8:02pm

As I was trying to explain, the username does not matter at all. Without rootless Docker or using user namespaces both the container and the host will use UID 0 for the root user. Everything else can be different. Each container has its own user database and the container “decides” which ID will belong to which username. So you see the owner of a process is _apt because the host knows UID 100 and “thinks” it is the ID of “_apt” so it shows you to help you see a friendly name. If the container uses a userid which is not mapped to a username on the host, then you will see the userid not the name. No other difference.

User namespaces are to separate the user IDs in a container from the host. So the root user gets UID 0 on the host and it gets for example UID 100000 inside the container, except that the container “thinks” it has UID 0. It is just lying to the container about the UID.

Rootless containers are similar. If you don’t run the container as root, you will not have the permission to use any ID like UID 0 so it has to use user namespaces.

Topic		Replies	Views
Question about the USER in docker container General	2	3733	April 8, 2016
Confusion about the user a process run as General	2	4186	April 2, 2018
Why is rootless docker still running as root inside container? General docker	5	4180	March 7, 2023
Help me understand the benefits of rootless docker over PUID/PGID General docker	1	3675	June 7, 2022
Docker in Docker for non-root user General	4	11868	December 13, 2021

Docker is running container as _apt user

Related Topics