
I'm trying to write a Dockerfile that creates a user with a home directory who is part of the sudoers group and that launches the container as this user.

The problem I'm facing is that, from within the container, every command needs to be prepended with `sudo`, which obviously creates permission issues for every file that's created.

My reasoning behind doing this is that I want a container that mimics a clean Linux environment from which I can write install scripts for users.

Here is a copy of my Dockerfile so far:

```dockerfile
FROM ubuntu:20.04

# Make user home
RUN mkdir -p /home/nick

# Create a nick user
RUN useradd -r -d /home/nick -m -s /sbin/nologin -c "Docker image user" nick
# Add to sudoers
RUN usermod -a -G sudo nick
# Change ownership of home directory
RUN chown -R nick:nick $HOME
# Set password
RUN echo "nick:******" | chpasswd
# Install sudo
RUN apt-get -y update && apt-get -y install sudo

ENV HOME=/home/nick
WORKDIR $HOME

USER nick
```
nick
  • If the user can do literally anything so long as they remember to type `sudo` first then the user doesn't actually have restricted permissions. Delete all of this and specify `USER root` instead. A proper virtual machine will be a better match for testing an installer on a standard Linux distribution. – David Maze Apr 29 '22 at 13:37
  • @DavidMaze, I'm not sure I fully follow. The user can do literally anything as long as they remember to type `sudo` **and** use their password. But what's the difference here than any user with admin rights on, for example, native Linux? – nick Apr 29 '22 at 13:48
  • A Docker container only runs a single process, and you don't usually log into it interactively. I often see this recipe around "I need to `sudo apt-get install` but can't type the password into the Dockerfile", and the standard answer is "just directly become root and don't install `sudo`". – David Maze Apr 29 '22 at 13:53
  • Sure, I get you. But, I'm trying to build install scripts that will work for users rather than root. I want to use `sudo` where it would be necessary for a user, e.g. with `apt`. – nick Apr 29 '22 at 14:20
  • Why doesn't your Dockerfile work? – Charlie Parker Sep 15 '22 at 02:46
  • Did you try this: https://stackoverflow.com/questions/25845538/how-to-use-sudo-inside-a-docker-container? Did it fail for you? Why? – Charlie Parker Sep 15 '22 at 02:48
  • When neither sudo nor apt-get is available in container, you can also jump into running container as root user using command `docker exec -u root -t -i container_id /bin/bash`. Did you try this? – Charlie Parker Sep 15 '22 at 02:49
  • Is this true: "The problem I'm facing is that, from within the container, every command needs to be prepended sudo, which obviously creates permission issues for every file that's created."? Also, why don't you install sudo at the beginning? `RUN apt-get -y update && apt-get -y install sudo` so that you can run it later...? – Charlie Parker Sep 15 '22 at 18:07
  • Can you elaborate on the problems you are facing by giving examples of how you are using the Docker container? – Philippe Sep 15 '22 at 20:14

1 Answer


I don't understand why this doesn't work:

```dockerfile
FROM continuumio/miniconda3
# FROM --platform=linux/amd64 continuumio/miniconda3

MAINTAINER Brando Miranda "brandojazz@gmail.com"

RUN apt-get update \
  && apt-get install -y --no-install-recommends \
    ssh \
    git \
    m4 \
    libgmp-dev \
    opam \
    wget \
    ca-certificates \
    rsync \
    strace \
    gcc \
    rlwrap \
    sudo

# https://github.com/giampaolo/psutil/pull/2103

RUN useradd -m bot
# format for chpasswd user_name:password
RUN echo "bot:bot" | chpasswd
RUN adduser bot sudo

WORKDIR /home/bot
USER bot

# CMD /bin/bash
```
Charlie Parker
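One reading of the question's Dockerfile, given as an added example that is not code from the asker or the answerer: there, `mkdir -p /home/nick` runs as root before `useradd -m`, and `chown -R nick:nick $HOME` runs before `ENV HOME=/home/nick`, so at that build step `$HOME` still points at root's home and `/home/nick` stays owned by root, which would explain needing `sudo` to write files. The variant below reorders those steps and takes the password from a BuildKit secret; the secret id `nick_pw`, its source file name and the switch to `/bin/bash` as the login shell are assumptions of this example.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Build with BuildKit, e.g. (file name is an assumption):
#   docker build --secret id=nick_pw,src=./nick_pw.txt -t sudo-user .
FROM ubuntu:20.04

# Install sudo first and drop the apt lists to keep the layer small.
RUN apt-get update \
 && apt-get install -y --no-install-recommends sudo \
 && rm -rf /var/lib/apt/lists/*

# Let useradd -m create /home/nick itself, so the directory is owned by
# nick and populated from /etc/skel. No prior mkdir as root, and no -r,
# because this is meant to behave like a regular (non-system) account.
RUN useradd -m -d /home/nick -s /bin/bash -c "Docker image user" nick \
 && usermod -aG sudo nick

# Read the password from a build secret so the plaintext never appears in
# a layer or in `docker history`. The resulting hash is still stored in
# /etc/shadow inside the image.
RUN --mount=type=secret,id=nick_pw \
    printf 'nick:%s\n' "$(cat /run/secrets/nick_pw)" | chpasswd

# Fail the build early if the home directory is not owned by nick.
RUN test "$(stat -c %U:%G /home/nick)" = "nick:nick"

# Switch user last; every instruction above ran as root.
USER nick
ENV HOME=/home/nick
WORKDIR /home/nick
```

Inside the resulting container, files created under `/home/nick` belong to `nick` without `sudo`, and `sudo` prompts for the password only for commands such as `apt` that need root.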