15

It seems that useradd is not in amazonlinux docker base image.

useradd works when my Dockerfile installs openldap-devel, so `RUN useradd my_user` will work when my image has the following:

```dockerfile
FROM amazonlinux

RUN yum -y install python3 \
    gcc \
    python3-pip \
    python3-devel \
    openldap-devel
```

When my image is just built from

```dockerfile
FROM amazonlinux

RUN yum -y install python3 \
    gcc \
    python3-pip \
    python3-devel
```

The command `RUN useradd my_user` fails with the error message `/bin/sh: useradd: command not found`

How do I install useradd in an amazonlinux base image without having to install all of openldap-devel?

Demeter P. Chen

3 Answers

32

I managed to figure out which package useradd belongs to by running the following command on an AmazonLinux EC2 machine:

```
$ yum whatprovides /usr/sbin/useradd

2:shadow-utils-4.1.5.1-24.amzn2.x86_64 : Utilities for managing accounts and shadow password files
Repo        : amzn2-core
Matched from:
Filename    : /usr/sbin/useradd
```

So changing my Dockerfile to the following made it work:

```dockerfile
FROM amazonlinux

RUN yum -y install python3 \
    python3-pip \
    shadow-utils
```

Demeter P. Chen
5

You can use the shadow-utils package as Demeter has pointed out.

In my case, installing shadow-utils took too long in order to create my docker image, because it installed many dependencies. So I'll give you 2 alternatives:

1 - Use docker USER command:

You can do this in your Dockerfile:

```dockerfile
FROM amazoncorretto:11.0.14-al2
USER 1000
```

This will allow you to start the container with a non-root user. From here, you can see that you don't need the user to exist. The downside is that this user has no name and no $HOME. I think this would usually be ok, but if there's any software in the container that needs a $HOME folder, it could give some problems.

2 - Use an existing user:

In the container, if you run cat /etc/passwd you'll see a list of existing users. Usually you'll have the nobody user that has the least permissions. So in your Dockerfile you can do:

```dockerfile
FROM amazoncorretto:11.0.14-al2
USER nobody
```

and you're good

Yair Kukielka
  • 1
    I liked the idea of using `nobody`, but ran into the problem that (on Amazon Linux 2) the `nobody` user has a `$HOME` of `/`. That caused issues because I had references like `$HOME/blah` that ended up resolving to paths like `//blah`. – Shorn Mar 12 '22 at 03:21
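
An added example, not from any of the answers on this page: a Dockerfile that creates a named non-root user with its own home directory without installing shadow-utils, by writing the passwd and group entries directly. The user name `app`, UID/GID 1000 and `/home/app` are assumptions chosen for illustration; the result avoids both the nameless `USER 1000` case and the `$HOME` of `/` reported above for `nobody`.

```dockerfile
FROM amazoncorretto:11.0.14-al2

# Assumed values for this example; choose a name and IDs the base image does not use.
ARG APP_USER=app
ARG APP_UID=1000
ARG APP_GID=1000

# Create the account by hand instead of calling useradd:
#  - fail the build if the user name or UID is already present in /etc/passwd
#  - password field "x" with no shadow entry and a nologin shell
#  - a home directory owned by the new user and closed to everyone else
RUN set -eu; \
    if grep -Eq "^${APP_USER}:|^[^:]*:[^:]*:${APP_UID}:" /etc/passwd; then \
        echo "user ${APP_USER} or uid ${APP_UID} already exists" >&2; exit 1; \
    fi; \
    echo "${APP_USER}:x:${APP_GID}:" >> /etc/group; \
    echo "${APP_USER}:x:${APP_UID}:${APP_GID}::/home/${APP_USER}:/sbin/nologin" >> /etc/passwd; \
    mkdir -p "/home/${APP_USER}"; \
    chown "${APP_UID}:${APP_GID}" "/home/${APP_USER}"; \
    chmod 700 "/home/${APP_USER}"

# Later build steps and the container's main process run as the unprivileged user.
USER ${APP_USER}
# Set HOME explicitly so $HOME/... paths never resolve against "/".
ENV HOME=/home/${APP_USER}
WORKDIR /home/${APP_USER}
```

Running `id` and `echo $HOME` in a container built from this image should show the `app` user and `/home/app`.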
1

Running docker on amazonlinux2, these days I use this:

```dockerfile
RUN yum install -y /usr/sbin/adduser
```

Docker it seems does the equivalent of whatprovides and loads the right things, in this case, shadow-utils and libsemanage.

Jonathan Bliss