75

How can I add a user with Dockerfile - the following does not work.

```dockerfile
USER vault
WORKDIR /usr/local/bin/vault
```

My full Dockerfile:

```dockerfile
FROM alpine:3.4
RUN apk update && apk add curl unzip
RUN useradd -ms /bin/bash vault

USER vault
WORKDIR /usr/local/bin/vault
ADD /vault.hcl /etc/vault/vault.hcl

RUN curl -SL https://releases.hashicorp.com/vault/0.5.0/vault_0.5.0_linux_amd64.zip > vault.zip
RUN unzip vault.zip -d /usr/local/bin && rm vault.zip
```
tedder42
Atlantic0

3 Answers

86

Use useradd instead of the interactive adduser to add a user.

```dockerfile
RUN useradd -ms /bin/bash vault
```

The command below will not create the user.

```dockerfile
USER vault
WORKDIR /usr/local/bin/vault
```

It will use the vault user.

Please refer to the Dockerfile User Documentation.

The USER instruction sets the user name or UID to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile.

NOTE: Ensure that bash is the default shell.

If the default shell is /bin/sh, you can do this:

```dockerfile
RUN ln -sf /bin/bash /bin/sh
RUN useradd -ms /bin/bash vault
```
zapping
pl_rock
  • 2
    Show your Dockerfile, and the line `FROM` – user2915097 Oct 04 '16 at 14:59
  • 1
    `FROM alpine:3.4 RUN apk update && apk add curl unzip RUN useradd -ms /bin/bash vault USER vault WORKDIR /usr/local/bin/vault ADD /vault.hcl /etc/vault/vault.hcl RUN curl -SL https://releases.hashicorp.com/vault/0.5.0/vault_0.5.0_linux_amd64.zip > vault.zip RUN unzip vault.zip -d /usr/local/bin && rm vault.zip` – Atlantic0 Oct 04 '16 at 15:03
  • try last part of my answer – pl_rock Oct 04 '16 at 15:43
  • 4
    `useradd` command is not present in your base image `alpine`. I don't know about this image, but this will run in ubuntu, centos etc. images. I tested using `FROM ubuntu:14.04`. Do google about the alpine useradd command – pl_rock Oct 04 '16 at 16:04
  • 9
    If you use alpine you must use addgroup and adduser `RUN addgroup -g ${GROUPID} -S ${USERNAME}` `RUN adduser -S -G ${USERNAME} -u ${USERID} -s /bin/bash -h ${USER_HOME} ${USERNAME}` – MortenB Oct 11 '16 at 08:35
  • I have an issue where if I don't specify the user id useradd will just start assigning uid from 1000 which will clash with already existing host users. – Satrapes Jan 29 '21 at 10:00
  • I get the following error: /bin/sh: useradd: not found – Berni Dec 23 '22 at 15:22
7

To add a group and associate a new user with it, use the code below.

```dockerfile
FROM <base image>
RUN groupadd -g 2000 go \
&& useradd -m -u 2001 -g go go
USER go
```

OR

```dockerfile
RUN addgroup -g 1001 -S appuser && adduser -u 1001 -S appuser -G appuser
```
dur
Renato Coutinho
  • When I follow these steps while using the selenium docker image as the base image, the build is successful but when I run my image, it says groupadd: GID 2000 already exists. I have tried different IDs and the same error persists. Is there any way I could resolve this? Thanks – Amith Gopal Jul 02 '18 at 23:03
  • What selenium docker image are you using? – Renato Coutinho Jul 04 '18 at 12:58
  • elgalu/selenium:latest – Amith Gopal Jul 09 '18 at 16:48
  • Hi Amith, I couldn't reproduce this error! Just to test, try the **centos:7** image. You will see these steps work well. When I use elgalu/selenium:latest, I receive the message "groupadd: Permission denied. groupadd: cannot lock /etc/group; try again later." This happens because only the root user is able to create a new user – Renato Coutinho Jul 12 '18 at 21:27
  • This would be better if group and name weren't the same, so one can read the signature of the useradd command easily – simon Oct 11 '21 at 11:10
  • -S is ambiguous (shell or system) – Stephan Kristyn Jul 12 '22 at 16:13
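
A corrected form of the question's Alpine Dockerfile, as an added example that is not code from any of the posts above. It uses the BusyBox addgroup/adduser commands with fixed IDs, does all installation as root, and switches to the unprivileged account last. The UID/GID values and the /sbin/nologin shell are assumptions.

```dockerfile
FROM alpine:3.4

# Fixed IDs (assumed values) so the account is predictable across rebuilds
# and can be matched against ownership of mounted volumes on the host.
ARG VAULT_UID=2001
ARG VAULT_GID=2000

# Everything that needs root happens before the USER instruction.
RUN apk add --no-cache curl unzip

# Alpine ships BusyBox addgroup/adduser, not groupadd/useradd.
#   -S  system group / system user
#   -D  do not assign a password (avoids the interactive prompt)
#   -H  do not create a home directory
#   -s  login shell; /sbin/nologin because the account only runs a service
RUN addgroup -S -g "${VAULT_GID}" vault \
 && adduser -S -D -H -u "${VAULT_UID}" -G vault -s /sbin/nologin vault

# Download and unpack as root so the binary in /usr/local/bin stays
# root-owned and cannot be modified by the service account.
RUN curl -SL https://releases.hashicorp.com/vault/0.5.0/vault_0.5.0_linux_amd64.zip -o /tmp/vault.zip \
 && unzip /tmp/vault.zip -d /usr/local/bin \
 && rm /tmp/vault.zip

# Configuration is copied as root as well; the vault user only reads it.
COPY vault.hcl /etc/vault/vault.hcl

# No WORKDIR /usr/local/bin/vault here: WORKDIR creates a directory,
# and that path is where the unpacked vault binary lives.

# From this line on, RUN, CMD and ENTRYPOINT execute as vault.
USER vault

# Build-time check that the account exists with the expected UID.
RUN [ "$(id -u)" = "2001" ]
```

If VAULT_UID is overridden with --build-arg, adjust the final check to the same value.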
4

If you also want your user to have a password, use this for Alpine-based images:

```dockerfile
FROM alpine
ARG USER=usernameThatYouWant
ARG PASS="some password"
RUN adduser -D $USER && echo "$USER:$PASS" | chpasswd
```
  • The ARG lines are there so you can (optionally) choose another username and password when building the image (without having to change the Dockerfile).
  • -D so that adduser doesn't set a password just yet.
    Without this option adduser would become interactive and ask for a password. It doesn't accept this from the regular STDIN, so piping the password is also not an option.
  • echo "$USER:$PASS" | chpasswd to finally set the password.
  • Note that I do not set a shell with -s /path/to/some/shell in adduser because Alpine only has ash and sh available. Both of these are just symlinks to busybox anyway.
    (But if you are going to install another shell in your image you probably do want to use it.)

For Ubuntu-based images use this:

```dockerfile
FROM ubuntu
ARG USER=usernameThatYouWant
ARG PASS="some password"
RUN useradd -m -s /bin/bash $USER && echo "$USER:$PASS" | chpasswd
```

I am using:

  • useradd because here this is the program for non-interactive usage.
  • -m so that the user has a homedir.
  • -s /bin/bash so that the user has bash as default shell.

(For most other base images you will also need to use the Ubuntu method.)

Garo
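
Values passed with ARG are recorded in the image's build history, where `docker history` displays them. The following added variant of the Alpine snippet (not the answer author's code) reads the password from a BuildKit secret mount instead; the secret id `user_pass` and the file name in the build command are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Build with BuildKit, supplying the password from a local file
# (file name is an assumption):
#   docker build --secret id=user_pass,src=./user_pass.txt .
FROM alpine
ARG USER=usernameThatYouWant

# The secret is mounted at /run/secrets/user_pass for this RUN step only.
# It is not stored as a build argument and does not appear in the
# build history; only the resulting hash in /etc/shadow is kept.
RUN --mount=type=secret,id=user_pass \
    adduser -D "$USER" \
 && printf '%s:%s\n' "$USER" "$(cat /run/secrets/user_pass)" | chpasswd
```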