I tried running the latest builds of Debian and Alpine, but they seem to run as the root user.

I expected that `echo $USER` should not return root. If it returns empty, then I need to verify with the `whoami` command; if that also returns root, we have logged into the Docker container in root mode, which can lead to a vulnerability.

Joe Pauly
  • What do you need actually? – samthegolden Jan 21 '20 at 11:49
  • Does this answer your question? https://stackoverflow.com/questions/35734474/connect-to-docker-container-as-user-other-than-root – samthegolden Jan 21 '20 at 11:51
  • You can always `docker run -u 0 ...` to get a root shell based on an image, and if you can `docker run` anything then you can `docker run -v /:/host busybox cat /host/etc/shadow` and similar things to trivially root the host. What are you trying to accomplish, and what do you mean by "rootless"? – David Maze Jan 21 '20 at 11:56
  • Need a Debian or Alpine based image which can be used for building Docker images, which can be used to make another rootless Docker image which can be run by my k8s cluster – Joe Pauly Jan 21 '20 at 11:57
  • `FROM mcr.microsoft.com/dotnet/core/sdk:2.2-alpine3.9 AS release` When I create an image using the above image and do the `docker run` or deploy to the k8s cluster, it will create a user that is logged in as root on my cluster – Joe Pauly Jan 21 '20 at 12:01

2 Answers

The usual way to deal with this is to override this in your Dockerfile (you can do `docker run --user`, but that can be confusing to programs since e.g. there won't be a home directory set up).

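```dockerfile
FROM ubuntu
# Create an unprivileged user with a home directory
RUN useradd --create-home appuser
WORKDIR /home/appuser
# Everything from here on, including the container's process, runs as appuser
USER appuser
```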

More details, and some other things you can do to secure your container: https://pythonspeed.com/articles/root-capabilities-docker-security/

Itamar Turner-Trauring

According to this StackOverflow answer, you need to pass the parameter `--user <user>` in order to log in as a non-root user.

Example: `docker run -it --user nobody alpine`

samthegolden
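
Both answers come down to which user the container's main process ends up with: the last `USER` in the Dockerfile's final stage, or a `--user` flag at run time. The Python check below is an added example, not code from either answer; `effective_user` and the sample Dockerfiles are constructed for illustration, and it assumes a base image that sets no `USER` of its own runs as root.

```python
from typing import Optional, Tuple

def instructions(dockerfile: str):
    """Yield instructions as token lists; joins continuations, skips comments."""
    buf = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).split()
        buf = ""

def effective_user(dockerfile: str, run_user: Optional[str] = None) -> Tuple[str, bool]:
    """Return (user, is_root) for the process the final build stage starts."""
    finished = {}  # stage name -> USER in force when that stage ended
    name, user = None, "root"
    for parts in instructions(dockerfile):
        op = parts[0].upper()
        if op == "FROM":
            if name:
                finished[name] = user
            args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=
            name = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
            # Only a stage built FROM an earlier stage inherits its USER. Any other
            # base is assumed to run as root (assumption: it sets no USER itself).
            user = finished.get(args[0].lower(), "root")
        elif op == "USER" and len(parts) > 1:
            user = parts[1]
    if run_user is not None:  # models `docker run --user` / `-u`, which wins
        user = run_user
    return user, user.split(":", 1)[0] in ("root", "0")

# Constructed samples: the asker's FROM line, the first answer's Dockerfile,
# and a multi-stage build whose USER is set only in the build stage.
ASKER = "FROM mcr.microsoft.com/dotnet/core/sdk:2.2-alpine3.9 AS release\n"
ANSWER = "FROM ubuntu\nRUN useradd --create-home appuser\nWORKDIR /home/appuser\nUSER appuser\n"
MULTISTAGE = "FROM alpine AS build\nRUN adduser -D builder\nUSER builder\nFROM alpine\nCMD [\"id\"]\n"

if __name__ == "__main__":
    for label, text, flag in [("asker", ASKER, None), ("answer", ANSWER, None),
                              ("answer -u 0", ANSWER, "0"), ("multistage", MULTISTAGE, None)]:
        print(label, effective_user(text, flag))
```

Because `-u 0` overrides the image, the `USER` line is a default rather than a control. On Kubernetes, `securityContext.runAsNonRoot: true` has the kubelet refuse to start a container that would run as UID 0, and it needs a numeric `USER` in the image to verify that.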