Running MongoDB as non-root & disable THP

I’m sure if you’ve used MongoDB, you are probably aware of the warnings upon startup telling you to run as a non-root user and to disable Transparent Huge Pages.

I’ve scoured the internet and have spent a good bit of time trying to remedy both of these things in my Docker container. However, nothing seems to work. The THP settings don’t seem to stick (still get warnings at startup) and I cannot run as a different user with sudo access. Mongo creates the user “mongodb” with the appropriate permissions on install, I’ve verified the user exists, yet the process is still owned by root. If I change to another user before my entrypoint, I receive a “no tty present” error.

This is on Ubuntu. I had begun to move to Alpine (as I have with my other images) but apparently Alpine’s package dependencies for mongo are screwed up (when I tried earlier this week at least).

Any help or relevant documentation on how to run MongoDB as a non-root user while disabling THP inside a Docker Container would be vastly appreciated!

*edit: I realize now that THP is a kernel-level setting and therefore is not something that can be set within a container.

When you do your docker run, you can pass in a -u mongodb flag, which will tell docker to launch the process in the container as that user. Just make sure your entrypoint script and processes can operate when run as that uid.

Thanks for your response! I am not issuing a “docker run” command via terminal, although after reading your response I tried that out briefly, but from your docs couldn’t figure out the correct way (neither “-u mongodb” nor “--user mongodb” worked, although my Docker version is old: 1.10.2). Ideally I would like this to be set inside the Dockerfile itself (at the point of CMD or ENTRYPOINT), so that anytime the container is started the user is non-root. I have tried changing users within the Dockerfile using USER but as I said, the owner of the process is still “root”.

The official mongo Docker image uses gosu to run mongod using the mongodb user. The gosu is called inside mongo

You are right. THP is a kernel-level setting. You would have to set it at the OS level. The Docker container will inherit it.
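
The approach the replies describe (start as root, drop to the mongodb user with gosu, and treat THP as a host setting), as an added sketch that is not part of the thread and not the official image's entrypoint. It assumes gosu is installed in the image, the mongodb user exists, and /data/db is the data directory; the function names are hypothetical.

```bash
#!/bin/bash
# Added sketch of a container entrypoint; not the official image's script.
# Assumptions: gosu is installed, the "mongodb" user exists, data lives in /data/db.

THP_FILE="${THP_FILE:-/sys/kernel/mm/transparent_hugepage/enabled}"
RUN_AS="${RUN_AS:-mongodb}"

# Print the active THP mode. The kernel marks it with brackets,
# e.g. "always madvise [never]" -> "never".
thp_active_mode() {
    local file="$1" line
    [ -r "$file" ] || { echo "unknown"; return 0; }
    read -r line < "$file" || true
    case "$line" in
        *\[*\]*) line="${line#*\[}"; echo "${line%%\]*}" ;;
        *)       echo "unknown" ;;
    esac
}

# Print the command prefix needed to end up as the target user:
# "gosu <user>" when started as root, nothing when already unprivileged
# (for example when the image sets USER or docker run passes -u).
launch_prefix() {
    local uid="$1" user="$2"
    if [ "$uid" -eq 0 ]; then echo "gosu $user"; fi
}

entrypoint() {
    local mode prefix
    mode="$(thp_active_mode "$THP_FILE")"
    if [ "$mode" != "never" ]; then
        # Read-only check: THP belongs to the host kernel, so fix it there.
        echo "warning: THP mode is '$mode'; disable it on the Docker host" >&2
    fi
    prefix="$(launch_prefix "$(id -u)" "$RUN_AS")"
    if [ -n "$prefix" ]; then
        chown -R "$RUN_AS" /data/db   # data dir must stay writable after the drop
    fi
    # exec replaces the shell, so mongod becomes PID 1 owned by $RUN_AS.
    # $prefix is intentionally unquoted so it splits into "gosu" and the user.
    exec $prefix "$@"
}

# Only act when invoked with a command, e.g. ENTRYPOINT script + CMD ["mongod"].
if [ "$#" -gt 0 ]; then entrypoint "$@"; fi
```

Because the privilege drop happens inside the script, the container runs mongod as mongodb on every start without needing a user flag on the command line.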