Docker Community Forums

Share and learn in the Docker community.

Swiching between root and non-root users from interactive console


(Ajnouri) #1

Hi everyone,
For lab testing purpose, I am using a container with multiple applications installed.
From interactive console, I need to run on demand applications when needed, some of them doesn’t run with root user.
I can create a non-root user + password then switch to it and run the app. but I cannot get back to root user, it requires a password!!
Can I switch back and forth between root and non-root users? Or maybe only launch the application from the prompt with non-root user?


(Sven Dowideit) #2

I use a combination of docker run and docker exec to enter containers with different UID’s:

$ docker run --rm -it --name test --user 1000 debian bash
I have no name!@0015685b2b6d:/$ whoami
whoami: cannot find name for user ID 1000

and in another terminal:

$ exit 
sven@t440s:~/src/hub2-demo$ docker exec -it --user root test bash
root@0015685b2b6d:/# 

http://docs.docker.com/reference/commandline/exec/


(Ajnouri) #3

Solved the issue as follow

  • From withib the interactive console:

su -c “process” -s /bin/sh

  • Concretely my case concerns “VideoLAN” application:

su -c “vls” -s /bin/sh vlc &

Priorly added instruction to create the user and set the apprpriate ownership in Dockerfile and rebuild it:

ENV HOME /home/vlc
RUN useradd --create-home --home-dir $HOME vlc
&& chown -R vlc:vlc $HOME
&& chown -R vlc:vlc /media
&& usermod -a -G audio,video vlc

References:
ht tps://registry.hub.docker.com/u/jess/vlc/dockerfile/
ht tp://serverfault.com/questions/351046/run-script-as-user-who-has-nologin-shell#


(Kakula) #4

Hi,

As u mentioned, “docker run --rm -it --name test --user 1000 debian bash” after running this command.
I have no name!@0015685b2b6d:/$ whoami
whoami: cannot find name for user ID 1000

Instead of this, i want to user name in the “I have no name!” section.
Like
username@@0015685b2b6d:/$ whoami
username

How this is possible. Please help me.


(Ajnouri) #5

Sorry for the late reply.
Just for the record:

This can be done by creating the user when building the image from a docker file, for example:

cat dockerfiletest

FROM ubuntu
RUN useradd me

build your image

docker build -t testcontainer -f dockerfiletest .

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
testcontainer latest 5e4fb8e507b2 15 minutes ago 188.3 MB

Now you can run your container with an existing user

$ docker run --user=“me” -it testcontainer /bin/bash

me@eba1ec6e6de3:/$ whoami
me@eba1ec6e6de3:/$me
me@eba1ec6e6de3:/$ id me
uid=1000(me) gid=1000(me) groups=1000(me)
me@eba1ec6e6de3:/$

Or you can add

USER me

at the end of the docker file so you can start with the non-root user “me” by default.