
I have this Dockerfile:

FROM ubuntu:bionic

RUN mkdir /usr/custom
ADD script.sh /usr/custom
RUN chmod =rx /usr/custom/script.sh
RUN useradd -ms /bin/bash -u 1001 someusr
USER someusr
WORKDIR /home/someusr

where script.sh (it is in the same directory as the Dockerfile) contains:

#!/bin/bash
whoami

Build the image with:

docker image build --tag my_ubuntu_bionic:auto .

Then run it with:

docker run --rm --name ubl --user=1001 my_ubuntu_bionic:auto /usr/custom/script.sh

and it displays root.

How can I run the script as someusr? The --user parameter doesn't seem to have any effect (--user=someusr doesn't work).

Ultimately I want script.sh to execute in the context of a user that has minimum permissions. The solutions that I've seen on SO assume a Linux host.

Versions:

Docker version 19.03.5, build 2ee0c57608
OS Name: Microsoft Windows Server 2019 Datacenter
Version: 10.0.17763 Build 17763

Thanks

boggy

2 Answers

You need to add ownership of the folder where someusr's script works.

FROM ubuntu:bionic

RUN mkdir /usr/custom
ADD script.sh /usr/custom
RUN chmod +rx /usr/custom/script.sh
RUN useradd -ms /bin/bash -u 1001 someusr
RUN chown someusr -R /usr/custom
USER someusr
WORKDIR /home/someusr

I've tested this; it displays 'someusr'.

PavanDevarakonda
  • I just tested it and it doesn't work :-( Are you testing on Linux or Windows? It looks like Linux to me in the screenshot. – boggy Jan 01 '20 at 09:53
  • If your host is Windows Server, can you please specify your Windows & Docker versions? – boggy Jan 01 '20 at 09:55

I ended up using the runuser command:

docker run --rm --name ubl --user=1001 my_ubuntu_bionic:auto runuser -l someusr -c whoami
boggy
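
An added example, not part of either answer and not the posters' code: a guard that script.sh could call to confirm, from inside the container, that it really is running as the unprivileged uid (1001 in the question) with no effective capabilities. The function name `audit_status` and both sample inputs are constructed for illustration; a real run reads the Linux `/proc/self/status` file.

```shell
#!/bin/sh
# audit_status EXPECTED_UID
# Reads text in /proc/<pid>/status format on stdin, prints one finding per
# line, and returns 0 only if the effective uid equals EXPECTED_UID, is not 0,
# and the effective capability set is empty. Returns 2 on unusable input.
audit_status() {
    awk -v want="$1" '
        $1 == "Uid:"        { euid = $3 }    # fields: real, effective, saved, fs
        $1 == "CapEff:"     { capeff = $2 }  # hex bitmask of effective capabilities
        $1 == "NoNewPrivs:" { nnp = $2 }
        END {
            if (euid == "") { print "FAIL no Uid line in input"; exit 2 }
            bad = 0
            if (euid + 0 == 0)     { print "FAIL effective uid is 0 (root)"; bad = 1 }
            else if (euid != want) { print "FAIL effective uid " euid ", expected " want; bad = 1 }
            else                   { print "OK   effective uid " euid }
            if (capeff == "")          { print "FAIL no CapEff line in input"; bad = 1 }
            else if (capeff !~ /^0+$/) { print "FAIL effective capabilities not empty: " capeff; bad = 1 }
            else                       { print "OK   no effective capabilities" }
            # Informational only: with NoNewPrivs 0 a setuid binary can still raise privileges.
            if (nnp == "0") { print "WARN NoNewPrivs is 0" }
            exit bad
        }'
}

# Constructed sample inputs (not captured from a real host).
sample_root() {
    printf 'Name:\tscript.sh\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n'
    printf 'CapEff:\t00000000a80425fb\nNoNewPrivs:\t0\n'
}
sample_user() {
    printf 'Name:\tscript.sh\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n'
    printf 'CapEff:\t0000000000000000\nNoNewPrivs:\t1\n'
}

# Inside script.sh the real call would be:
#   audit_status 1001 < /proc/self/status || exit 1
sample_root | audit_status 1001 || echo "root sample rejected"
sample_user | audit_status 1001 && echo "uid 1001 sample accepted"
```

Running the guard as the first step of script.sh makes a silently ignored `--user` setting fail loudly instead of executing the rest of the script as root.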