
I am building an image using a Dockerfile. I would like to set the username of the container via the command line to avoid permission issues.

The Dockerfile is shown below; I used the variables USER_NAME and GROUP_ID. But when I build, the problem keeps appearing.
The error is: groupadd: option '--gid' requires an argument
I’m guessing that both ${GROUP_ID} and ${USER_NAME} are recognized as empty strings, but shouldn’t they be assigned values when the container is created?
I’ve googled a few examples and based on the examples, I don’t quite see where the problem is?

Please help me!
Thanks!

    FROM matthewfeickert/docker-python3-ubuntu:latest
    ARG USER_NAME
    ARG USER_ID
    ARG GROUP_ID

    RUN groupadd -r --gid ${GROUP_ID} ${USER_NAME}
    RUN useradd --no-log-init -r -g ${GROUP_ID} -u ${USER_ID} ${USER_NAME}

    USER ${USER_NAME}
    WORKDIR /usr/local/src

2 Answers


  1. You can pass the build args as shown below.

    docker build --build-arg USER_NAME=test --build-arg USER_ID=805 --build-arg GROUP_ID=805 -t tag1 .
    

    Also, as a best practice, consider adding default values to the args. So if the user doesn’t specify the args, the default values will be picked.

  2. When you run the container, you can specify an arbitrary user ID with the docker run -u option.

    docker run -u 1003 ... my-image
    

    This doesn’t require any special setup in the image. The user ID won’t exist in the container’s /etc/passwd file but there aren’t really any consequences to this, beyond some cosmetic issues with prompts in interactive debugging shells.

    A typical use of this is to give your container access to a bind-mounted data directory:

    docker run \
      -e DATA_DIR=/data \
      -v "$PWD/app-data:/data" \
      -u $(id -u) \
      ... \
      my-image
    

    I’d generally recommend not passing a specific user ID into your image build. This would make the user ID "baked in", and if someone with a different host uid wanted to run the image, they’d have to rebuild it.

    It’s often a good practice to set up some non-root user, but it doesn’t matter what its user ID is so long as it’s not zero. In turn, it’s also typically a good practice to leave most of your application source code owned by the root user so that the application can’t accidentally overwrite itself.

    FROM matthewfeickert/docker-python3-ubuntu:latest
    
    # Create an arbitrary non-root user; we don't care about its uid
    # or other properties
    RUN useradd --system user
    
    # Still as root, do the normal steps to install and build the application
    WORKDIR /app
    COPY requirements.txt ./
    RUN pip install -r requirements.txt
    COPY ./ ./
    
    # Still as root, make sure the data directory exists
    ENV DATA_DIR=/data
    RUN mkdir "$DATA_DIR" && chown user "$DATA_DIR"
    # VOLUME ["/data"]
    
    # Normal metadata to run the container, only switching users now
    EXPOSE 5000
    USER user
    CMD ["./app.py"]
    

    This setup will still work with the extended docker run command shown initially: the docker run -v option will cause the container’s /data directory to take on its numeric uid owner from the host, which (hopefully) matches the docker run -u uid.

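The failure in the question (an empty GROUP_ID reaching groupadd) and the second answer's "not zero" rule can both be checked before docker build runs. The shell helper below is an added example, not code from the question or either answer; its function names and the account-name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate build-arg values before they reach `docker build`,
# so an empty GROUP_ID fails here instead of surfacing mid-build as
# "groupadd: option '--gid' requires an argument".
# Function names and the name pattern are assumptions of this example.

LC_ALL=C; export LC_ALL   # make [a-z] in patterns match ASCII lowercase only

# True when $1 is a decimal integer greater than zero (0 would be root).
is_nonroot_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ] 2>/dev/null
}

# True when $1 is a conservative Unix account name: starts with a lowercase
# letter or underscore, then lowercase letters, digits, '_' or '-'.
is_safe_name() {
  case "$1" in
    ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
  esac
}

# Print the three --build-arg flags the question's Dockerfile expects,
# or fail (status 2) naming the value that was rejected.
build_arg_flags() {
  name=$1 uid=$2 gid=$3
  is_safe_name "$name" || { echo "rejected USER_NAME: '$name'" >&2; return 2; }
  is_nonroot_id "$uid" || { echo "rejected USER_ID: '$uid'" >&2; return 2; }
  is_nonroot_id "$gid" || { echo "rejected GROUP_ID: '$gid'" >&2; return 2; }
  echo "--build-arg USER_NAME=$name --build-arg USER_ID=$uid --build-arg GROUP_ID=$gid"
}

# Usage (word splitting of $flags is intended; every value was validated):
#   flags=$(build_arg_flags "$(id -un)" "$(id -u)" "$(id -g)") &&
#     docker build $flags -t tag1 .
```

Because the name is restricted to a small character set and the ids to digits, the values cannot inject extra shell words into the RUN groupadd and useradd lines of the Dockerfile.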