@pcewing
Last active February 18, 2020 18:19
[container_demo] docker image build -t myapp .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM centos:latest
---> 470671670cac
Step 2/3 : RUN groupadd -r -g 1001 john && groupadd -r -g 1050 myapp && useradd -rM -g john -G myapp -u 1001 john && mkdir -p /var/john && chown -R john:john /var/john
---> Using cache
---> a889fe7bf9cb
Step 3/3 : USER john:john
---> Using cache
---> 4ce8cad43e73
Successfully built 4ce8cad43e73
Successfully tagged myapp:latest
[container_demo] docker container run -it myapp /bin/bash
bash-4.4$ whoami
john
bash-4.4$ id john
uid=1001(john) gid=1001(john) groups=1001(john),1050(myapp)
bash-4.4$ ls -l /var | grep john
drwxr-xr-x 2 john john 4096 Feb 14 02:13 john
bash-4.4$ touch /var/john/test.txt
bash-4.4$ ls -l /var/john/test.txt
-rw-r--r-- 1 john john 0 Feb 14 02:33 /var/john/test.txt
bash-4.4$ chown john:myapp /var/john/test.txt
chown: changing ownership of '/var/john/test.txt': Operation not permitted
bash-4.4$ lsattr /var/john
--------------e---- /var/john/test.txt
bash-4.4$ lsattr /var/john/test.txt
--------------e---- /var/john/test.txt
bash-4.4$ ls -lna /var/john
total 12
drwxr-xr-x 1 1001 1001 4096 Feb 18 17:13 .
drwxr-xr-x 1 0 0 4096 Feb 14 02:13 ..
-rw-rw-r-- 1 1001 1001 0 Feb 18 17:13 test.txt
FROM centos:latest
RUN groupadd -r -g 1001 john && \
    groupadd -r -g 1050 myapp && \
    useradd -rM -g john -G myapp -u 1001 john && \
    mkdir -p /var/john && \
    chown -R john:john /var/john
USER john:john
@adamancini

✔  moira  ~  docker run --rm -it centos
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
8a29a15cefae: Pull complete
Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700
Status: Downloaded newer image for centos:latest
[root@690b4d2de5f5 /]# groupadd -r -g 1001 john && \
>     groupadd -r -g 1050 myapp && \
>     useradd -rM -g john -G myapp -u 1001 john && \
>     mkdir -p /var/john && \
>     chown -R john:john /var/john
[root@690b4d2de5f5 /]# cd /var/john
[root@690b4d2de5f5 john]# ls
[root@690b4d2de5f5 john]# ls -lna
total 12
drwxr-xr-x 2 1001 1001 4096 Feb 18 17:32 .
drwxr-xr-x 1    0    0 4096 Feb 18 17:32 ..
[root@690b4d2de5f5 john]# su - john
su: warning: cannot change directory to /home/john: No such file or directory
[john@690b4d2de5f5 john]$ ls
[john@690b4d2de5f5 john]$ cd /
[john@690b4d2de5f5 /]$ cd /var/john
[john@690b4d2de5f5 john]$ ls
[john@690b4d2de5f5 john]$ ls -lnma
., ..
[john@690b4d2de5f5 john]$ ls -lna
total 12
drwxr-xr-x 2 1001 1001 4096 Feb 18 17:32 .
drwxr-xr-x 1    0    0 4096 Feb 18 17:32 ..
[john@690b4d2de5f5 john]$ touch foo
[john@690b4d2de5f5 john]$ ls -lna
total 12
drwxr-xr-x 2 1001 1001 4096 Feb 18 17:33 .
drwxr-xr-x 1    0    0 4096 Feb 18 17:32 ..
-rw-rw-r-- 1 1001 1001    0 Feb 18 17:33 foo
[john@690b4d2de5f5 john]$ chown john:myapp foo
[john@690b4d2de5f5 john]$ ls -lna
total 12
drwxr-xr-x 2 1001 1001 4096 Feb 18 17:33 .
drwxr-xr-x 1    0    0 4096 Feb 18 17:32 ..
-rw-rw-r-- 1 1001 1050    0 Feb 18 17:33 foo
[john@690b4d2de5f5 john]$

@adamancini

run interactively:

[john@690b4d2de5f5 john]$ id
uid=1001(john) gid=1001(john) groups=1001(john),1050(myapp)
[john@690b4d2de5f5 john]$ whoami
john

run via "build":

bash-4.4$ id
uid=1001(john) gid=1001(john) groups=1001(john)
bash-4.4$ newgrp myapp
bash-4.4$ groups
myapp
bash-4.4$ id
uid=1001(john) gid=1050(myapp) groups=1050(myapp)
bash-4.4$
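The gist's transcript and the two comments above show the same account with two different group sets: `id john` reads the group database and lists `myapp`, while `id` with no argument reports the groups the process actually holds, and under `USER john:john` the process has only its primary group, so `chown john:myapp` is refused. After `su - john` in the first comment, or `newgrp myapp` in the second, the group is present and the chown succeeds. The POSIX shell script below is an added example, not code from the gist or its commenters. It makes that gap explicit: given a user name, the text of `/etc/group`, and the GIDs a process holds (in the form `id -G` prints them), it names the supplementary groups the database grants the user but the process lacks. The group database in the block is a constructed copy of the entries the Dockerfile creates; `live_missing_groups` is an assumed helper that runs the same check against the real `/etc/group` and the current process.

```shell
#!/bin/sh
# Added example: detect supplementary groups that /etc/group grants a user
# but that the running process does not carry (the cause of the failed
# chown in the gist). Constructed /etc/group content matching the Dockerfile:
GROUP_DB='root:x:0:
john:x:1001:
myapp:x:1050:john'

# expected_groups USER GROUP_DB
# Prints "name:gid" for every group whose member list (4th field) names USER.
expected_groups() {
    user=$1
    printf '%s\n' "$2" | while IFS=: read -r name pw gid members; do
        case ",$members," in
            *",$user,"*) echo "$name:$gid" ;;
        esac
    done
}

# missing_groups USER GROUP_DB "GID GID ..."
# Prints the names of groups USER should have but the process GID list lacks.
# An empty result means the process holds every group the database grants.
missing_groups() {
    user=$1
    db=$2
    have=$3
    expected_groups "$user" "$db" | while IFS=: read -r name gid; do
        case " $have " in
            *" $gid "*) ;;            # GID present in the process group list
            *) echo "$name" ;;        # granted by /etc/group, absent at runtime
        esac
    done
}

# live_missing_groups: same check for the current process and real /etc/group
# (assumed helper; reads the system database rather than the constructed one).
live_missing_groups() {
    missing_groups "$(id -un)" "$(cat /etc/group)" "$(id -G)"
}

# Demonstration with the constructed database:
# a process under USER john:john holds only GID 1001 -> prints "myapp";
# after su - john or newgrp myapp it holds 1001 and 1050 -> prints nothing.
echo "missing under USER john:john : $(missing_groups john "$GROUP_DB" "1001")"
echo "missing after su/newgrp      : $(missing_groups john "$GROUP_DB" "1001 1050")"
```

Run inside the container as the application user: a non-empty result explains a refused `chown` or a group-write failure before any file is touched. The comment's `newgrp myapp` changes the primary group within that shell; `docker run --group-add` is the engine-side way to give the process the group from the start.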