19

I am Dockerising my first Flask app and following an online guide, but I am stuck on the following line in Dockerfile.prod.

RUN addgroup -S app && adduser -S app -G app

I get the error Option s is ambiguous (shell, system)

I came across this SO post and tried the accepted answer (pretty much the same):

RUN addgroup -S appgroup && adduser -S appuser -G appgroup

With the same outcome. I have tried specifying --shell and --system, and --group instead, and get the error addgroup: Only one or two names allowed.

No matter what I try, I get these errors:

Option s is ambiguous (shell, system)
Option g is ambiguous (gecos, gid, group)

I am on Windows (using Docker, not Docker Windows). Not sure if that's the issue. But I cannot find a solution.

Dockerfile.prod

FROM python:3.8.1-slim-buster as builder

# set work directory
WORKDIR /usr/src/app

# set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

# install system dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends gcc

# lint
RUN pip install --upgrade pip
RUN pip install flake8
COPY . /usr/src/app/
RUN flake8 --ignore=E501,F401,E722 .

# install python dependencies
COPY ./requirements.txt .
# COPY requirements .

RUN pip wheel --no-cache-dir --no-deps --wheel-dir /usr/src/app/wheels -r requirements.txt
# RUN pip wheel --no-cache-dir --no-deps --wheel-dir /usr/src/app/wheels -r requirements/prod.txt

# pull official base image
FROM python:3.8.1-slim-buster

# create directory for the app user
RUN mkdir -p /home/app

# create the app user
RUN addgroup -S app && adduser -S app -G app

# create the appropriate directories
ENV HOME=/home/app
ENV APP_HOME=/home/app/web
RUN mkdir $APP_HOME
WORKDIR $APP_HOME

# install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends netcat
COPY --from=builder /usr/src/app/wheels /wheels

COPY --from=builder /usr/src/app/requirements.txt .
# COPY --from=builder /usr/src/app/requirements/common.txt .
# COPY --from=builder /usr/src/app/requirements/prod.txt .

RUN pip install --upgrade pip
RUN pip install --no-cache /wheels/*

# copy entrypoint-prod.sh
COPY ./entrypoint.prod.sh $APP_HOME

# copy project
COPY . $APP_HOME

# chown all the files to the app user
RUN chown -R app:app $APP_HOME

# change to the app user
USER app

# run entrypoint.prod.sh
ENTRYPOINT ["/home/app/web/entrypoint.prod.sh"]
ron_g
  • Please specify an example of your Dockerfile with the FROM part. I think it is important what kind of Container image is used. –  Jan 23 '21 at 13:58

2 Answers

33

I do understand you would like to create a user and group both called "app" and the user shall be in that group, both being a system account/group.

That's possible by only using adduser

RUN adduser --system --group app
NightDragon
2

Maybe this helps: https://github.com/mozilla-services/Dockerflow/issues/36

Depending on the underlying distribution of the container, these options can be ambiguous. The options should use the full name format for readability.

  • I had tried using `groupadd` and `useradd` instead of `addgroup`/`adduser` to no avail. – ron_g Jan 23 '21 at 15:48
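
Both answers turn on which `adduser` the base image ships: the `-S`/`-G` short options from the question are BusyBox (Alpine) syntax, while the Debian `adduser` in `python:3.8.1-slim-buster` needs the full option names. The following is an added example, not part of the original posts: a POSIX sh helper that picks the matching form. The function names and the `DRY_RUN` switch are hypothetical, and the `--help` matching is a heuristic.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Classify adduser from its --help text (heuristic; text is passed in so it can be tested).
classify_adduser() {
    case "$1" in
        *BusyBox*)   echo busybox ;;  # Alpine: -S / -G are real short options
        *--ingroup*) echo debian ;;   # Debian/Ubuntu adduser: use full option names
        *)           echo shadow ;;   # anything else: fall back to groupadd/useradd
    esac
}

# With DRY_RUN set, print the command instead of running it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# create_system_user NAME [FLAVOR]: system user plus same-named system group.
create_system_user() {
    name=$1
    # Conservative account-name check; also rejects names that look like options.
    case "$name" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid account name: $name" >&2; return 2 ;;
    esac
    flavor=${2:-$(classify_adduser "$(adduser --help 2>&1 || true)")}
    case "$flavor" in
        busybox)
            run addgroup -S "$name" &&
            run adduser -S -G "$name" "$name" ;;
        debian)
            run adduser --system --group "$name" ;;
        shadow)
            # Assumption: the nologin shell lives at /usr/sbin/nologin in this image.
            run groupadd --system "$name" &&
            run useradd --system --gid "$name" --no-create-home \
                --shell /usr/sbin/nologin "$name" ;;
        *)
            echo "unknown flavor: $flavor" >&2; return 2 ;;
    esac
}

# Script entry point: sh mkuser.sh app   (prefix DRY_RUN=1 to preview)
if [ "$#" -gt 0 ]; then create_system_user "$@"; fi
```

Saved under an assumed name such as `mkuser.sh`, it would replace the failing line with `COPY mkuser.sh /tmp/` followed by `RUN sh /tmp/mkuser.sh app`.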