Running Nginx official image as non root

rimelek · May 1, 2023, 1:52pm

It seems you are not aware of what userns-remap is. The point of using a user namespace is that the usr ids in the container and outside containers will be different, so when you mount a folder from the host, a process in the container can’t change anything. You don’t need a UID 101 on the host. You need it in the container, but it is just virtually 101. In reality it is something userns minimum UID + 101 and the minimum UID becomes zero in the container, which means root. This is how rootless containers work too. Your user will run Docker and your user become the root in the container so you can mount files from your home to be owned by root in the container.

Why would it? the problem is not the folder being read-only, but the different UID and GID.

Topic		Replies	Views
Understanding nginx image and the created nginx user? General security	3	2814	October 9, 2023
Can mount nginx configuration volume General	4	24643	August 16, 2022
How to configure Dockerfile to run container as non-root user General	1	1968	May 11, 2024
Solution Required for nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied) Docker Hub security , docker	1	8884	December 11, 2023
Solution required for nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied) encountered during docker run Docker Hub security , docker	4	1705	December 12, 2023

Running Nginx official image as non root

Related topics