skip to Main Content

I’m having a problem while using an amazoncorretto-alpine image on which I run a Spring boot application.
To startup the container I use a specific bash script which (along with other stuff) attempt to run the executable jar for the Spring boot application.

My need is to run the executable jar with a different user , so while the bash script runs with root the "java -jar springBoot.jar" must be executed as "spring" user.

In the docker file a user and a group has been created and given permissions for the springBoot.jar like this:

...
RUN addgroup -S spring && adduser -S -D spring -G spring
RUN chown spring:spring springBoot.jar
...
CMD ["myBash.sh"]

The user and group are present, the permissions on the file are configured correctly and the container starts by executing myBash.sh.

In the bash, that runs with "root" privileges, I’m using this command line to execute the jar with another user:

su - spring -c "java -jar springBoot.jar"

I did some other test by putting the -c "command" before the user but the error is always the same:

"The Account is not available"

This message is printed in the Docker console when starting the container.

Alpine version in the image:

"Alpine Linux v3.15"

Note: if I remove the instruction "su – spring…." above and just run the java -jar springBoot.jar in the bash script all works fine but the application is started with root (as expected).

Anyone have any idea what could be the problem?

2

Answers


  1. You can specify on your Dockerfile a USER.
    You will find all the documentation in this link above.

    https://docs.docker.com/engine/reference/builder/#user

    But for your use case i think, you just need to specify in your Dockerfile something like this:

    FROM alpine
    RUN addgroup -S sprig && adduser -S -D spring -G spring
    USER spring
    #here you put your commands
    #if you want to leave the container as an non-root user which is recommanded you then just
    USER 1001
    
    Login or Signup to reply.
  2. instead of create the user directly in docker file try to create it inside the script like this

    adduser -D spring -g "test" -s /bin/sh -D spring
    

    then switch the user

    su -s /bin/bash spring  <<EOF
    java -jar java_file.jar
    EOF
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search