
I have a container which needs to do some initialisation on startup that can only be done as root, but following good practice I don't want the container running as root.

I figured I should be able to create a script inside the container, owned by root and with the setuid bit set. The container can then be started with a non-root user, the initialisation done by executing the script, and the container does what it needs to do.

This does not seem to work. Even though the script is owned by root and the setuid bit set, the initialisation script runs as the non-root user.

Should this work? Is there another (better) way?

I'm running with Docker for Desktop on a mac.

The initialisation I need to do is to update /etc/hosts with a value that can only be determined at run time from inside the container - specifically the IP address associated with host.docker.internal.

I have tried making /etc/hosts writable by the non-root user from within the Dockerfile. That doesn't work either. /etc/hosts is a mounted volume when in the Dockerfile, and chmod and chown seem to have no effect on the file in the running container.

Brian

1 Answer


Probably to achieve your goal you can specify in the Dockerfile to use the non-root user after the installation script.

For example:

FROM ...
RUN ./install.sh
USER foo
...

This Dockerfile will launch the installer as root and afterwards change the user to the selected one.

Hope it can be useful for you!

Davide Imola
Thank you Davide, but sadly not if I understand you correctly. The initialisation script must run when the container is run, not when the image is built. – Brian Jul 08 '20 at 16:38
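Linux ignores the setuid bit on interpreted scripts, so the usual alternative, as an added example that is not part of the question or the answer, is an entrypoint that starts as root, does the /etc/hosts update at container start, and then drops to the non-root user for the real command. It assumes a Dockerfile that keeps USER root and sets ENTRYPOINT ["/entrypoint.sh"] with the real command in CMD, a non-root user named by APP_USER already created in the image, util-linux setpriv installed (gosu or su-exec would serve the same purpose), and a getent that supports "ahostsv4"; HOST_ALIAS is an assumed name for the host entry.

```shell
#!/bin/sh
# Added example (not from the question or answer). The container starts as
# root, updates /etc/hosts, then execs CMD as the unprivileged user.
# Assumed: $APP_USER exists in the image; util-linux setpriv is installed.
set -e

APP_USER="${APP_USER:-app}"            # assumed non-root user from the Dockerfile
HOST_ALIAS="${HOST_ALIAS:-dockerhost}" # assumed name to point at the host's IP
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# First IPv4 address for a name, resolved from inside the container.
resolve_ipv4() {
  getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Address recorded for name $2 in hosts file $1 (empty string if none).
hosts_lookup() {
  awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Point name $2 at address $3 in hosts file $1, dropping any earlier
# non-comment line that lists that name. Docker bind-mounts /etc/hosts,
# so the file is rewritten in place (cat >) rather than replaced with mv,
# which would fail on the mount point; chmod/chown at build time never
# touches this runtime-mounted file, which is why root is needed here.
update_hosts_entry() {
  tmp=$(mktemp)
  awk -v n="$2" '$1 ~ /^#/ { print; next }
                 { for (i = 2; i <= NF; i++) if ($i == n) next; print }' "$1" > "$tmp"
  printf '%s\t%s\n' "$3" "$2" >> "$tmp"
  cat "$tmp" > "$1"
  rm -f "$tmp"
}

main() {
  [ "$(id -u)" -eq 0 ] || { echo "entrypoint must start as root" >&2; exit 1; }
  ip=$(resolve_ipv4 host.docker.internal)
  [ -n "$ip" ] || { echo "cannot resolve host.docker.internal" >&2; exit 1; }
  update_hosts_entry "$HOSTS_FILE" "$HOST_ALIAS" "$ip"
  # Root work is finished: replace this shell with CMD running as $APP_USER.
  exec setpriv --reuid="$APP_USER" --regid="$APP_USER" --init-groups -- "$@"
}

# Run the entrypoint only when a command was passed (Docker's CMD); invoking
# the script with no arguments just defines the functions.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Everything after the exec runs with the non-root user's uid and gid only, so the application never holds root even though the container was started as root.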