I want to create a docker container with a node application which runs on a schedule. I'm attempting to have cron running in the foreground in the container and periodically start the application.
My problem is that I want to use the recommended user node which has limited permissions. Running this simple image:
FROM node:8-slim
RUN apt-get update && apt-get -y install cron
RUN mkdir /test \
&& chown node:node /test
ADD cron-test /etc/cron.d/cron-test
RUN chmod 0644 /etc/cron.d/cron-test
USER node
RUN crontab /etc/cron.d/cron-test
ENTRYPOINT [ "/bin/bash" ]
where cron-test looks like:
* * * * * echo "running as $(whoami)" >> /test/test.log
--empty line--
Results in:
$ docker run -v <path on host>:/test:rw test -c 'cron -f'
cron: can't open or create /var/run/crond.pid: Permission denied
Removing the switch to USER node in Dockerfile and running it as above creates a file /test/test.log and starts printing running as root to it.
Is it possible to run cron -f as an unprivileged user? Or would another approach be better?
I could, for example change the cron-job to be:
* * * * * su - node -c 'echo "running as $(whoami)" >> /test/test.log'
--empty line--
And remove USER node from the Dockerfile permanently. Which would enable me to do npm start as the node user, but I'm not sure whether this would be ok (as in: 'inline with best pratices') as the default user of the image would still be root?
I've also tried to make sure the permissions on cron related files, as per this answer, were correct but it didn't seem to have any effect. Creating the crond.pid file, and setting permissions directly on it, didn't seem like a great idea. Setting permissions like this is quite new to me so any advice is appreciated.
