Docker Community Forums

How can I update a service's /etc/hosts file when running as non-root user?


(Alex Babeanu) #1

So I am required to run a Service as a non-root user, i.e.,

    docker service create --name myservice --replicas 2 --user xyz --env....

And part of the service creation process is to add the resulting containers’ IP and given hostnames to the /etc/hosts files of those containers, but this always fails as user xyz has no permissions to /etc/hosts.
Note that I need to modify the hosts file at Service create time since I don’t know which nodes the service will be created on ahead of time…

Here’s my Dockerfile:

    FROM tomcat:8-jre8

    ENV CATALINA_HOME /usr/local/tomcat
    ENV PATH $CATALINA_HOME/bin:$PATH
    WORKDIR $CATALINA_HOME

    EXPOSE 8080 8443

    (...)

    ADD new-user.sh /tmp/new-user.sh

    # Install some basic container utilities
    RUN apt-get update && apt-get install -y \
            gettext-base \
            sudo \
            vim \
        && rm -rf /var/lib/apt/lists/*

    # Create USER
    RUN envsubst < /tmp/new-user.sh > ./tmp_new-user \
        && cp ./tmp_new-user /tmp/new-user.sh \
        && chmod 755 /tmp/new-user.sh \
        && /tmp/new-user.sh

    RUN chown root:openam /tmp/config.sh
    RUN chmod u+s /tmp/config.sh
    RUN chgrp openam /etc/hosts
    #RUN sudo chmod 666 /etc/hosts

    # Install and configure OpenAM at runtime
    ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre

    CMD ["/tmp/run-process.sh"]

The New User sh:

    useradd -m -p ${USR_PWD} -m -s /bin/bash ${USR}
    groupadd openam
    usermod -a -G openam ${USR}

And the run-process.sh, where I try to update the /etc/hosts when the service gets created:

    (...)
    server_host=$(echo $SERVER_URL | awk -F/ '{print $3}' | awk -F: '{print $1}')
    echo $(grep $(hostname) /etc/hosts | cut -f1) $server_host >> /etc/hosts
    (...)

==> No matter what I set up in the Dockerfile, at the time the service containers are up, the /etc/hosts file always has the default/system permissions (644)…

So any idea how to be able to update /etc/hosts at service creation time while running as a non-root user?
Many thanks for any insights!


(Vadslu) #2

Here is how you add new hosts into the /etc/hosts file on the Docker container.

    docker service create --name container_name --replicas 1 --publish 88:80 \
        --entrypoint '/sbin/entrypoint.sh' \
        --host mongo1:192.168.10.106 \
        --host mongo2:192.168.10.187 \
        --host mongo3:192.168.10.74
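
An added example, not code from either post: a stricter form of the two run-process.sh lines in post #1, for the case where the address is only known inside the container and `--host` cannot supply it. The function names are hypothetical, and it assumes the calling process is allowed to write the hosts file it is given.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Extract the host part of a URL such as https://host.example:8443/path.
url_host() {
    printf '%s\n' "$1" | awk -F/ '{print $3}' | awk -F: '{print $1}'
}

# Accept only characters valid in a hostname, so a crafted SERVER_URL
# cannot smuggle whitespace or extra entries into the hosts file.
valid_hostname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# First address mapped to this container's hostname in the hosts file.
own_ip() {   # $1 = hosts file, $2 = container hostname
    awk -v h="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$1"
}

# Append "<own ip> <server host>" once; return non-zero on bad input.
add_server_alias() {   # $1 = hosts file, $2 = container hostname, $3 = URL
    host=$(url_host "$3")
    valid_hostname "$host" || { echo "rejecting host: $host" >&2; return 1; }
    ip=$(own_ip "$1" "$2")
    [ -n "$ip" ] || { echo "no entry for $2 in $1" >&2; return 1; }
    # Skip if the alias is already present (for example after a restart).
    if awk -v h="$host" '{ for (i = 2; i <= NF; i++) if ($i == h) f = 1 } END { exit !f }' "$1"; then
        return 0
    fi
    printf '%s %s\n' "$ip" "$host" >> "$1"
}

# Typical call from an entrypoint that has write access to /etc/hosts:
#   add_server_alias /etc/hosts "$(hostname)" "$SERVER_URL"
```

Docker mounts /etc/hosts into the container when it starts, so ownership or mode changes made to that file in a Dockerfile `RUN` step are not what the running container sees.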