Docker Community Forums

Share and learn in the Docker community.

Run crond as non-root user on alpine linux

Hey everyone, i’m trying to run crond as a non-root user within a container inside of the lastest alpine linux image.

I’m specifying a specific crondir that only contains my user’s crontab:

docker run -it --env-file ./environments/test.env blah:123 crond -f -d 0 -c /home/hustle/backend/config/cron

However, when it runs I see the message “crond: can’t set groups: Operation not permitted” and the command (just a simple echo statement) does not execute.

When i run the container as the root user (with docker’s -u flag specifying to run as “root”), it runs just fine, echos the output, etc…,

Any ideas on why that may be the case or what I can do to run crond as a non-root user successfully?

Would very much like to know as well, running into the same issue.

I think it’s not possible using crond.

you can see following qoute In this alpine docker github issue:

Remember: crond should be started as root at all times.

Hi,

You can dig the error by using strace on the docker (running option ‘–privileged’ needed):

sudo apk add --no-cache strace
strace -f -s 1024 -ttT -o /tmp/trace.log crond -f -d 0 -c /home/hustle/backend/config/cron

From strace logs the error " can’t set groups: Operation not permitted" was thrown by syscall setgroups, called by crond.c, as the CAP_SETGID needed by setgroups commonly crond NOT be running.

I just coded the fix, and the patched alpine: geekidea/alpine-cron, and more details

Thanks