Question 84069 in Docker Question posted in
The official documentation can be found here.

Docker Alpine execute command as another user

I’m having a problem while using an amazoncorretto-alpine image on which I run a Spring boot application.
To startup the container I use a specific bash script which (along with other stuff) attempt to run the executable jar for the Spring boot application.

My need is to run the executable jar with a different user , so while the bash script runs with root the "java -jar springBoot.jar" must be executed as "spring" user.

In the docker file a user and a group has been created and given permissions for the springBoot.jar like this:

...
RUN addgroup -S spring && adduser -S -D spring -G spring
RUN chown spring:spring springBoot.jar
...
CMD ["myBash.sh"]

The user and group are present, the permissions on the file are configured correctly and the container starts by executing myBash.sh.

In the bash, that runs with "root" privileges, I’m using this command line to execute the jar with another user:

su - spring -c "java -jar springBoot.jar"

I did some other test by putting the -c "command" before the user but the error is always the same:

"The Account is not available"

This message is printed in the Docker console when starting the container.

Alpine version in the image:

"Alpine Linux v3.15"

Note: if I remove the instruction "su – spring…." above and just run the java -jar springBoot.jar in the bash script all works fine but the application is started with root (as expected).

Anyone have any idea what could be the problem?

Tags:

2

Answers


  1. 0

    You can specify on your Dockerfile a USER.
    You will find all the documentation in this link above.

    https://docs.docker.com/engine/reference/builder/#user

    But for your use case i think, you just need to specify in your Dockerfile something like this:

    FROM alpine
RUN addgroup -S sprig && adduser -S -D spring -G spring
USER spring
#here you put your commands
#if you want to leave the container as an non-root user which is recommanded you then just
USER 1001
    Login or Signup to reply.
  2. 0

    instead of create the user directly in docker file try to create it inside the script like this

    adduser -D spring -g "test" -s /bin/sh -D spring

    then switch the user

    su -s /bin/bash spring  <<EOF
java -jar java_file.jar
EOF
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search