Skip to content

Instantly share code, notes, and snippets.

@avishayp
Created September 25, 2018 19:02
Show Gist options
  • Save avishayp/33fcee06ee440524d21600e2e817b6b7 to your computer and use it in GitHub Desktop.
Save avishayp/33fcee06ee440524d21600e2e817b6b7 to your computer and use it in GitHub Desktop.
Add non-root user for alpine linux
# non root user example for alpine
#
# usage:
# $ docker build --build-arg "USER=someuser" --tag test .
# $ docker run --rm test
FROM alpine
ARG USER=default
ENV HOME /home/$USER
# install sudo as root
RUN apk add --update sudo
# add new user
RUN adduser -D $USER \
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
&& chmod 0440 /etc/sudoers.d/$USER
USER $USER
WORKDIR $HOME
# files in /home/$USER to be owned by $USER
# docker has --chown flag for COPY, but it does not expand ENV so we fallback to:
# COPY src src
# RUN sudo chown -R $USER:$USER $HOME
CMD echo "User $(whoami) running from $PWD with premissions: $(sudo -l)"
@ecardinal
Copy link

Not using the default user (root) isn't necessarily to stop any kind of shenanigans, it's to prevent accidents by forcing the user to deliberately use "sudo". You could still do stupid things, but then it's really your fault. 😃

Also, the setup makes it very easy to comment out or delete the sudo setup and just leave "morty" as a regular user.
For anyone interested:

The nature of docker is somewhat natively insecure if you know what you're doing. There are better container runners that don't suffer from these issues; look into "nestybox/sysbox" on GitHub for an interesting more secure setup. Also, google "rootless containers", as new solutions are coming up all the time.

@e-ruiz
Copy link

e-ruiz commented Apr 28, 2022

Just for reference, official Alpine docs.
📖 https://wiki.alpinelinux.org/wiki/Setting_up_a_new_user#Options

😃

@yolave
Copy link

yolave commented Oct 26, 2022

This is working for me:

# add new user
RUN adduser -D $USER \
        && mkdir -p /etc/sudoers.d \
        && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
        && chmod 0440 /etc/sudoers.d/$USER

This did the work for me. Thanks @workpebojot

@Anr-C
Copy link

Anr-C commented Aug 2, 2024

Thanks 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment