Variables in Dockerfile don't seem to be recognized?

Gerrie
June 15, 2022
243 views
1 vote
2 Answers

I am building an image using Dockfile. I would like to set the Username of the container via the command line to avoid permission issues.

The Dockfile is shown below, I used the variables of USER_NAME, GROUP_ID. But when I build, the problem keeps appearing.
The error is: groupadd: option '--gid' requires an argument
I’m guessing that both ${GROUP_ID} and ${USER_NAME} are recognized as empty strings, but shouldn’t they be assigned values when the container is created?
I’ve googled a few examples and based on the examples, I don’t quite see where the problem is?

Please help me!
Thanks!

FROM matthewfeickert/docker-python3-ubuntu:latest
ARG USER_NAME
ARG USER_ID
ARG GROUP_ID


RUN groupadd -r --gid ${GROUP_ID} ${USER_NAME} 
RUN useradd --no-log-init -r -g ${GROUP_ID} -u ${USER_ID} ${USER_NAME}

USER ${USER_NAME}
WORKDIR /usr/local/src

Answers

- ycr
- June 15, 2022 at 4:45 am
- 0 votes
0
You can pass the build args as shown below.
```
docker build --build-arg USER_NAME=test --build-arg USER_ID=805 --build-arg GROUP_ID=805 -t tag1 .
```
Also, as a best practice consider adding default vales to the args. So if the user doesn’t specify the args the default values will be picked.
Login or Signup to reply.

- DavidMaze
- June 15, 2022 at 12:39 pm
- 0 votes
0
When you run the container, you can specify an arbitrary user ID with the docker run -u option.
```
docker run -u 1003 ... my-image
```
This doesn’t require any special setup in the image. The user ID won’t exist in the container’s /etc/passwd file but there aren’t really any consequences to this, beyond some cosmetic issues with prompts in interactive debugging shells.

A typical use of this is to give your container access to a bind-mounted data directory:
```
docker run 
  -e DATA_DIR=/data 
  -v "$PWD/app-data:/data" 
  -u $(id -u) 
  ... 
  my-image
```
I’d generally recommend not passing a specific user ID into your image build. This would make the user ID "baked in", and if someone with a different host uid wanted to run the image, they’d have to rebuild it.

It’s often a good practice to set up some non-root user, but it doesn’t matter what its user ID is so long as it’s not zero. In turn, it’s also typically a good practice to leave most of your application source code owned by the root user so that the application can’t accidentally overwrite itself.
```
FROM matthewfeickert/docker-python3-ubuntu:latest

# Create an arbitrary non-root user; we don't care about its uid
# or other properties
RUN useradd --system user

# Still as root, do the normal steps to install and build the application
WORKDIR /app
COPY requirements.txt ./
RUN pip install -r requirements.txt
COPY ./ ./

# Still as root, make sure the data directory exists
ENV DATA_DIR=/data
RUN mkdir "$DATA_DIR" && chown user "$DATA_DIR"
# VOLUME ["/data"]

# Normal metadata to run the container, only switching users now
EXPOSE 5000
USER user
CMD ["./app.py"]
```
This setup will still work with the extended docker run command shown initially: the docker run -v option will cause the container’s /data directory to take on its numeric uid owner from the host, which (hopefully) matches the docker run -u uid.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.