How do I run the docker container itself as non-root user

Question

I have a docker container image that I need to run as a non-root user.

1. Adding the user to docker group does this, but since this gives full root control of the system to the user, I cannot use this method.

2. Giving sudo permissions and executing the docker run command is another way, but with sudo the ownership of the container run command is still with "root". (My need is it should list the user as the owner)

3. I can specify a user run time in the docker run command. With this, I see that I am able run as a non-root "inside" the container. I still have to prefix the container run command with sudo and the container is run by "root"

4. I cannot have the non-root user added into the Dockerfile, since the container image is not created by us.

Is there any way I can execute the docker container as non-root, without compromising security? Is there a way, that a user can be added to docker group but the privileges are limited and the user does not get full root control of the system?

Answer 1

By default, the docker command can only be run the root user or by a user in the docker group, which is automatically created during Docker's installation process.

If you want to avoid typing sudo whenever you run the docker command, add your username to the docker group:

sudo usermod -aG docker ${USER}

To apply the new group membership, log out of the server and back in, or type the following:

su - ${USER}

You will be prompted to enter your user's password to continue.

Confirm that your user is now added to the docker group by typing:

id -nG