
I am trying to add a crontab to my Docker container but I cannot leave the USER as root due to security regulations. Using the Dockerfile below, the crond starts as user app and the crontab never triggers.

When leaving the user as root, everything works as expected, but changing the user to app makes crond start as user app, which is (I think) where the problem is. I tried "How to start crond as non-root user in a Docker Container?" but this does not help.

```dockerfile
FROM alpine:3.9

ADD https://storage.googleapis.com/kubernetes-release/release/v1.6.4/bin/linux/amd64/kubectl /usr/local/bin/kubectl-binary
RUN chmod +x /usr/local/bin/kubectl-binary
COPY kubectl-retry-with-backoff.sh /usr/local/bin/kubectl
RUN chmod +x /usr/local/bin/kubectl

RUN apk add --no-cache bash sed curl redis=4.0.12-r0 ca-certificates su-exec shadow \
    && rm -rf /var/cache/apk/*

ADD crontab /etc/cron.d/delete-rdb
COPY delete_rdb.sh /usr/local/bin/delete_rdb.sh
COPY launcher.sh /usr/local/bin/launcher.sh
RUN chmod +x /usr/local/bin/delete_rdb.sh \
    && chmod 755 /etc/cron.d/delete-rdb \
    && chown -R app:app /etc/cron.d/delete-rdb \
    && chown -R app:app /usr/local/bin/delete_rdb.sh \
    && crontab /etc/cron.d/delete-rdb

ENTRYPOINT [ "bash", "-c" ]

CMD [ "/usr/sbin/crond && /usr/local/bin/launcher.sh | tee /var/log/runner.txt" ]

USER app
```

I believe getting the crond to run as root will fix my problems but maybe there is a better way to do this altogether. Is there any way I can force crond to start as root via the Dockerfile? Or can I run crond as non-root somehow?

nleden
  • can you try and split this part "crontab /etc/cron.d/delete-rdb" as a separate RUN and set the USER app just before it? Unless this command needs to run as root... – Mihai Apr 03 '19 at 19:21
  • I tried this but get `crontab: must be suid to work properly` – nleden Apr 03 '19 at 19:33

0 Answers