Docker

Docker Add User

1 year ago
by John Otieno
User management is probably one of the most basic yet fundamental features of any system. Limiting the permissions and tasks that a user can perform within a system provides a safeguard that prevents severe implications in case of a system compromise.

However, you will notice that most Unix-based images in Docker run as root and do not contain low-level users. This can pose a security issues if an application running on the container is compromised. For example, running the application as root can allow for privilege escalation from the container to the host system.

It is also useful when you need to run specific processes or applications with limited permissions or to match the user’s identity with the host system.

Therefore, in this tutorial, we are going to learn how to add a new user to a Docker container, removing the need to run the application as the root user.

Adding Users Using Dockerfile

Dockerfiles are an essential part of Docker extensibility as they allow us to define the configuration for Docker images. This allows us to specify base images, add files, set environment variables, and more.

We can also specify user-related instructions in the Dockerfile, which can allow us to create and configure users when building an image.

To add a user during image creation, we can use the USER and RUN instructions in the Dockerfile.

The example shown below demonstrates how to use these directives to create a new user.

FROM ubuntu:latest

RUN useradd -m linuxuhint

USER linuxhint

In the above example, we use the FROM directive to specify the based image as Ubuntu, in this case.

We also use the RUN directive to execute the useradd command. This should create a new user with the specified username.

Finally, we use the USER command to set the default user for the subsequent command to the newly created user.

User Management Inside a Running Container

We can also manage users within a running container using standard Linux user management commands such as useradd, usermod, and userdel.

It is good to keep in mind that such changes will not persist when the container is stopped or removed unless we commit them to a new image layer.

Docker Add User with Minimal Permissions

Suppose we want to run a web server with minimal permissions. We can create a user and set the ownership of the web server process to that user, as shown in the example definition.

FROM nginx:latest

RUN useradd -m -s /sbin/nologin webadmin

RUN chown -R webadmin:webadmin /var/www/html

USER webadmin

Docker Add User with Specific UID and GID

To specify a specific UID and GID for a user, we can use the -u and -g options with the useradd command, as shown:

FROM ubuntu:latest

RUN useradd -m -u 1001 -g 1001 linuxhint

Docker Run Processes as Non-Root User

To run a specific process as a non-root user, we can use the USER instruction in the Dockerfile, as demonstrated below:

FROM python:latest

RUN useradd -m pyuser

USER pyuser

CMD ["python", "my_script.py"]

Conclusion

In this tutorial, we learned how we can quickly and efficiently add new users to Docker containers using the Dockerfile and basic Linux commands.

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts