如何将用户添加到Docker容器?

我有一个docker容器，里面运行着一些进程(uwsgi和芹菜)。为了分配权限，我想为这些进程创建一个芹菜用户和一个uwsgi用户，以及它们都属于的工作组。

我尝试将RUN adduser uwsgi和RUN adduser芹菜添加到我的Dockerfile中，但这导致了问题，因为这些命令提示输入(我已经在下面发布了构建的响应)。

将用户添加到Docker容器中，从而为容器中运行的工作者设置权限的最佳方法是什么?

我的Docker映像是基于官方Ubuntu14.04基础构建的。

下面是运行adduser命令时Dockerfile的输出:

Adding user `uwsgi' ...
Adding new group `uwsgi' (1000) ... 
Adding new user `uwsgi' (1000) with group `uwsgi' ... 
Creating home directory `/home/uwsgi' ...
Copying files from `/etc/skel' ... 
[91mEnter new UNIX password: Retype new UNIX password: [0m 
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m 
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m 
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m 
Try again? [y/N] 
Changing the user information for uwsgi
Enter the new value, or press ENTER for the default
    Full Name []: 
Room Number []:     Work Phone []:  Home Phone []:  Other []: 
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m 
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m 
Is the information correct? [Y/n] 
---> 258f2f2f13df 
Removing intermediate container 59948863162a 
Step 5 : RUN adduser celery 
---> Running in be06f1e20f64 
Adding user `celery' ...
Adding new group `celery' (1001) ... 
Adding new user `celery' (1001) with group `celery' ... 
Creating home directory `/home/celery' ...
Copying files from `/etc/skel' ... 
[91mEnter new UNIX password: Retype new UNIX password: [0m 
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m 
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m 
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m 
Try again? [y/N] 
Changing the user information for celery
Enter the new value, or press ENTER for the default
    Full Name []:   Room Number []:     Work Phone []: 
Home Phone []:  Other []: 
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m 
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m 
Is the information correct? [Y/n]

当前回答

Ubuntu

试试Dockerfile中的以下代码行:

RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 ubuntu
USER ubuntu
WORKDIR /home/ubuntu

用户添加选项(参见:man Useradd):

-r, --system Create a system account. see: Implications creating system accounts -m, --create-home Create the user's home directory. -d, --home-dir HOME_DIR Home directory of the new account. -s, --shell SHELL Login shell of the new account. -g, --gid GROUP Name or ID of the primary group. -G, --groups GROUPS List of supplementary groups. -u, --uid UID Specify user ID. see: Understanding how uid and gid work in Docker containers -p, --password PASSWORD Encrypted password of the new account (e.g. ubuntu).

设置默认用户密码

在useradd命令中添加-p "$(openssl passwd -1 ubuntu)"，设置用户密码。

或者在Dockerfile中添加以下代码行:

SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo 'ubuntu:ubuntu' | chpasswd

第一条shell指令是确保在运行管道之前启用-o pipefail选项。Hadolint:检测您的Dockerfile。

2018-04-16 01:31:12

其他回答

请在dockerfile中添加以下条目，以便在容器中创建sudo用户。

RUN useradd -m  -s /bin/bash ubuntu
RUN usermod -aG sudo ubuntu && echo "ubuntu ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ubuntu
RUN chmod 0440 /etc/sudoers.d/ubuntu // should be 0440
USER ubuntu:ubuntu
WORKDIR /home/ubuntu

2022-06-28 03:59:56

将这一行添加到Dockerfile中(您可以通过这种方式运行任何linux命令)

RUN useradd -ms /bin/bash yourNewUserName

2015-11-23 15:42:41

或者你也可以这样做。

RUN addgroup demo && adduser -DH -G demo demo

第一个命令创建名为demo的组。第二个命令创建演示用户并将其添加到前面创建的演示组。

Flags代表:

-G Group
-D Don't assign password
-H Don't create home directory

2020-02-06 19:25:27

在docker中添加user并在该用户下运行应用程序是非常好的安全实践。要做到这一点，我建议采取以下步骤:

FROM node:10-alpine

# Copy source to container
RUN mkdir -p /usr/app/src

# Copy source code
COPY src /usr/app/src
COPY package.json /usr/app
COPY package-lock.json /usr/app

WORKDIR /usr/app

# Running npm install for production purpose will not run dev dependencies.
RUN npm install -only=production    

# Create a user group 'xyzgroup'
RUN addgroup -S xyzgroup

# Create a user 'appuser' under 'xyzgroup'
RUN adduser -S -D -h /usr/app/src appuser xyzgroup

# Chown all the files to the app user.
RUN chown -R appuser:xyzgroup /usr/app

# Switch to 'appuser'
USER appuser

# Open the mapped port
EXPOSE 3000

# Start the process
CMD ["npm", "start"]

以上步骤是复制NodeJS项目文件、创建用户组和用户、为项目文件夹分配用户权限、切换到新创建的用户并在该用户下运行应用程序的完整示例。

2019-01-30 17:18:20

为了避免adduser的交互问题，你可以用这些参数来调用它:

RUN adduser --disabled-password --gecos '' newuser

——gecos参数用于设置附加信息。在本例中，它是空的。

在带有busybox的系统上(如Alpine)，使用

RUN adduser -D -g '' newuser

参见busybox adduser

2015-04-22 12:15:24

如何将用户添加到Docker容器?

推荐文章

最新文章

标签