This shows you the differences between two versions of the page.
— | blog:2022:01:30:2022-01-30_-_missing_user_in_docker_image [2022/01/30 20:40] (current) – created basz | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== 2022-01-30 - missing user in docker image ====== | ||
+ | most of the time i don't run docker images as '' | ||
+ | |||
+ | while i'm far from seeing logic in '' | ||
+ | |||
+ | many ppl on the internet suggest to just add your user to the image, or simply assume that UID:GID is 1000:1000. these are no-go for me. adding user to image makes it impossible to change later on, thus everyone is stuck with your hardcoded user... that might not even match their setup! while it's true that 1000:1000 is the most common on workstations, | ||
+ | |||
+ | so a workaround for situation this is needed. my current best take is via a proxy shell script, like this: | ||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | set -eu -o pipefail | ||
+ | |||
+ | # workaround for missing user account in /etc/passwd - some tools can't handle it... | ||
+ | read R_UID R_GID <<< | ||
+ | groupadd -g " | ||
+ | useradd -g " | ||
+ | |||
+ | if [ $# -eq 0 ] | ||
+ | then | ||
+ | exec setpriv --reuid " | ||
+ | fi | ||
+ | exec setpriv --reuid " | ||
+ | </ | ||
+ | |||
+ | it can then be added to '' | ||
+ | <code dockerfile> | ||
+ | FROM four_favorite_distro: | ||
+ | COPY shell_proxy / | ||
+ | ENTRYPOINT [" | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | and run container like this: | ||
+ | <code bash> | ||
+ | docker run \ | ||
+ | -it \ | ||
+ | --rm \ | ||
+ | -e REAL_USER=" | ||
+ | container \ | ||
+ | command arg1 arg2 ... | ||
+ | </ | ||
+ | |||
+ | so '' |
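Review bot: between the `read R_UID R_GID` line and the `groupadd` / `useradd` calls in the proxy script there is no visible check on the two values, which appear to be supplied by whoever starts the container (the `docker run` example passes `-e REAL_USER=`). The script has to start as root to create the account and only drops privileges at `exec setpriv --reuid`, so I'd validate both values right after the `read`: require plain decimal numbers and refuse 0. That way a missing or malformed `REAL_USER` stops with a clear message instead of whatever `groupadd` reports, and the entrypoint cannot be asked to run the command as root. It is also worth documenting what happens when the requested GID or UID already exists in the base image, since under `set -eu -o pipefail` a failing `groupadd` or `useradd` ends the entrypoint before the command runs.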