27

Edit: The answer is so clear. One may use the flag --user root when entering the container.

docker exec -it --user root mycontainername bash                 or sh

I just downloaded this official docker hub's 1.5.0-alpine image for a service (Kong API Gateway) and now I can not run apk commands to install nano, for instance.

Before, I just had to enter the container 

docker exec -it kong sh

or

docker-compose exec kong sh

and I was able to run commands like apk update or apk add nano, for instance.

But now I get these errors

$ apk update                                                                                                                                   
ERROR: Unable to lock database: Permission denied                                                                                                
ERROR: Failed to open apk database: Permission denied

$ apk add nano
ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied

I also tried to run sudo and su... but I got

$ su
su: must be suid to work properly
$ su root
su: must be suid to work properly
$ suid
sh: suid: not found

Will I really need to build my own custom image? I was using the official one and it was working fine.

ofundefined
  • 2,692
  • 2
  • 18
  • 35
  • 1
    Building your own custom image is a very routine part of using Docker, and I wouldn't shy away from it. (If you do succeed in `apk add ...` as you've shown, that work will get lost as soon as you delete the container; writing that down in a Dockerfile is a good way to make it happen repeatably.) – David Maze May 08 '20 at 17:21
  • 3
    You are right. But it's convenient to use `apk add` or `apt install` inside one container and not persist those packages added/installed. Just for debugging something in that moment. – ofundefined May 09 '20 at 03:29

3 Answers3

51

You can run a command within the container as root using --user root. To get a shell:

docker exec -it --user root kong sh
chash
  • 3,975
  • 13
  • 29
  • 3
    if im not able to connect with root? error: auth info "root" does not exist there's any way to create it? – NoamiA Jan 17 '21 at 11:56
  • 1
    @NoamiA That sounds like a problem with `kubectl` (see [this answer](https://stackoverflow.com/questions/58221955/how-to-install-new-packages-in-a-non-root-running-container)). – chash Mar 05 '21 at 00:39
1

In your docker file you can use the chmod command to set the SUID bit in the su command, located at /file like this RUN chmod u+s /file The u+s option specifies that the SUID bit should be set on the file. The u refers to the permissions for the owner of the file, and the +s means to add the SUID bit to the file's permissions.

Patrick Muoka
  • 11
  • 2
0

You must use $CONTAINER_ID :

docker exec -it --user root $CONTAINER_ID /bin/sh
Oleg Konstantinov
  • 129
  • 2
  • 1
    [This is simply not true](https://docs.docker.com/engine/reference/commandline/exec/). It's perfectly valid to use the container name, e.g. `docker run --name ubuntu_bash --rm -i -t ubuntu bash` then `docker exec -it ubuntu_bash bash`. – c24w Apr 30 '21 at 16:51