@MaxPeal
Forked from avishayp/Dockerfile
Last active February 24, 2022 10:14
Add non-root user for alpine linux
# non root user example for alpine
#
# usage:
# $ docker build --build-arg "USER=someuser" --tag test .
# $ docker run --rm test
# or
# docker run --user default --rm -it alpine:latest
# docker run --user nobody --rm -it alpine:latest
FROM alpine
#ARG USER=default
ARG USER=user
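# NOTE: build args (including PASSWORD) are visible in `docker history`,
# so the value used here is not a secret
ARG PASSWORD=pw
ENV HOME=/home/$USER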
# install sudo as root
RUN apk add --no-cache --update sudo
# add new user
### RUN adduser -D $USER \
### && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
### && chmod 0440 /etc/sudoers.d/$USER
# write the profile scripts with Dockerfile heredocs (needs BuildKit, Dockerfile syntax 1.4+)
# the quoted 'EOF' delimiter disables expansion, so $VARS are written literally
COPY <<'EOF' /etc/profile.d/color_prompt_inc_uid-foo.sh
#!/bin/sh
echo "This is a generated shell script."
# Because the heredoc delimiter is quoted, parameter expansion is disabled
#+ at build time and "$OUTFILE" below is written to this file literally.
echo "Generated file will be named: $OUTFILE"
a=7
b=3
# POSIX arithmetic; alpine ships busybox ash, not bash
c=$((a * b))
echo "c = $c"
# /etc/profile sources this file, so return instead of exit
#+ ("exit 0" would end the login shell).
return 0
EOF
COPY <<'EOF' /etc/profile.d/color_prompt_inc_uid.sh
NORMAL="\[\e[0m\]"
RED="\[\e[1;31m\]"
GREEN="\[\e[1;32m\]"
if [ "$USER" = root ]; then
    PS1="$RED\h [$NORMAL\w$RED]# $NORMAL"
else
    PS1="$GREEN\h [$NORMAL\w$GREEN]\$ $NORMAL"
fi
EOF
RUN adduser -D $USER \
&& echo "$USER:$PASSWORD" | chpasswd \
&& echo "$USER ALL=(ALL) PASSWD: ALL" > /etc/sudoers.d/$USER \
&& echo "Defaults timestamp_timeout=30 # timestamp_timeout # After authenticating, this is the amount of time after which sudo will prompt for a password again in the same terminal" >> /etc/sudoers.d/$USER \
&& chmod 0440 /etc/sudoers.d/$USER
USER $USER
WORKDIR $HOME
# files in /home/$USER to be owned by $USER
# docker has --chown flag for COPY, but it does not expand ENV so we fallback to:
# COPY src src
# RUN sudo chown -R $USER:$USER $HOME
# CMD echo "User $(whoami) running from $PWD with permissions: $(sudo -l)"