@avishayp
Created September 25, 2018 19:02
Add non-root user for alpine linux
# non root user example for alpine
#
# usage:
# $ docker build --build-arg "USER=someuser" --tag test .
# $ docker run --rm test
FROM alpine
ARG USER=default
ENV HOME=/home/$USER
# install sudo as root (--no-cache avoids leaving the apk index in the image)
RUN apk add --no-cache sudo
# add new user
RUN adduser -D $USER \
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
&& chmod 0440 /etc/sudoers.d/$USER
USER $USER
WORKDIR $HOME
# files in /home/$USER to be owned by $USER
# docker has --chown flag for COPY, but it does not expand ENV so we fall back to:
# COPY src src
# RUN sudo chown -R $USER:$USER $HOME
CMD echo "User $(whoami) running from $PWD with permissions: $(sudo -l)"
@ecardinal

Not using the default user (root) isn't necessarily to stop any kind of shenanigans, it's to prevent accidents by forcing the user to deliberately use "sudo". You could still do stupid things, but then it's really your fault. 😃

Also, the setup makes it very easy to comment out or delete the sudo setup and just leave "morty" as a regular user.
For anyone interested:

The nature of docker is somewhat natively insecure if you know what you're doing. There are better container runners that don't suffer from these issues; look into "nestybox/sysbox" on GitHub for an interesting more secure setup. Also, google "rootless containers", as new solutions are coming up all the time.
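
The option mentioned above, dropping the sudo setup and leaving a regular user, as an added example that is not part of the gist or of any comment. `APP_UID` and the `src` path are assumptions; the `chown` the gist ran through sudo is done as root before the `USER` switch instead.

```dockerfile
# Added example, not the gist author's code: same non-root user, no sudo.
# APP_UID and the src/ path are assumptions chosen for illustration.
FROM alpine

ARG USER=default
ARG APP_UID=10001
ENV HOME=/home/$USER

# Root-only work happens before the USER switch, so sudo is never installed.
# -D: no password; -u: fixed UID so volume and bind-mount ownership is predictable.
# busybox adduser also creates a group named after the user.
RUN adduser -D -u "$APP_UID" "$USER"

# COPY runs as root and leaves root-owned files; fix ownership while still root.
# Uncomment COPY when a src/ directory exists in the build context.
# COPY src $HOME/src
RUN mkdir -p "$HOME/src" && chown -R "$USER:$USER" "$HOME"

# From here on, every RUN, CMD and ENTRYPOINT executes as the unprivileged user.
USER $USER
WORKDIR $HOME

# Report the effective user and confirm that no sudo binary is present.
CMD echo "User $(whoami) (uid $(id -u)) in $PWD; sudo: $(command -v sudo || echo 'not installed')"
```

Running the image with `docker run --rm --security-opt no-new-privileges test` additionally stops setuid binaries in the image from granting extra privileges.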

@e-ruiz

e-ruiz commented Apr 28, 2022

Just for reference, official Alpine docs.
📖 https://wiki.alpinelinux.org/wiki/Setting_up_a_new_user#Options

😃

@yolave

yolave commented Oct 26, 2022

This is working for me:

# add new user
RUN adduser -D $USER \
        && mkdir -p /etc/sudoers.d \
        && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
        && chmod 0440 /etc/sudoers.d/$USER

This did the work for me. Thanks @workpebojot
