Question 220589 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Ubuntu – Add a non root user to docker image in eclipse-temurin:17-focal

Hi i have created a spring boot application and want to add a non root user to in the docker file.

i was looking at the following
https://spring.io/guides/topicals/spring-boot-docker/

and this command

RUN addgroup -S demo && adduser -S demo -G demo
USER demo

but this doesnt work in my docker file which is based on the followin image

FROM eclipse-temurin:17-focal
WORKDIR /app
COPY target/*.jar app.jar
EXPOSE 8080

RUN addgroup -S demo && adduser -S demo -G demo
USER demo

ENTRYPOINT ["java","-jar","/app.jar"]

Error:

error: failed to solve: process "/bin/sh -c addgroup -S app && adduser -S app -G app" did not complete successfully: exit code: 1
Tags:

2

Answers


  1. 0

    The documented example uses an Alpine based image, whereas you’re using an Ubuntu-based image.

    The thing about Alpine is that most commands come from BusyBox, and they don’t all follow the exact same syntax as "normal" Linux.

    Running a docker build with your Dockerfile clearly shows that the syntax for adduser/addgroup is not recognised:

    17-focal: Pulling from library/eclipse-temurin
0fb668748fc8: Pull complete
b9a37d78e5cc: Pull complete
b08078e9064c: Pull complete
375f5661b61e: Pull complete
Digest: sha256:7b794fa11b9f7d83af6d0243c97a811b9472062dc404f7676704c5c68578b56b
Status: Downloaded newer image for eclipse-temurin:17-focal
 ---> 7dc6e9a7a5e6
Step 2/6 : WORKDIR /app
 ---> Running in b4856b78703d
Removing intermediate container b4856b78703d
 ---> 19ccea563e99
Step 3/6 : EXPOSE 8080
 ---> Running in c979018f6080
Removing intermediate container c979018f6080
 ---> 0d9f79b1bcbc
Step 4/6 : RUN addgroup -S demo && adduser -S demo -G demo
 ---> Running in 799ff9057c19
adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--add_extra_groups]
[--encrypt-home] USER
   Add a normal user

adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] [--add_extra_groups] USER
   Add a system user

adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
   Add a user group

addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      don't give process information to stdout
  --force-badname   allow usernames which do not match the
                    NAME_REGEX[_SYSTEM] configuration variable
  --extrausers      uses extra users as the database
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file

    TL;DR:

    If you use eclipse-temurin:17-jdk-alpine as in your linked documentation, the image builds just fine

    Login or Signup to reply.
  2. 0

    The image your are using inherited from an Ubuntu distribution, so you have use the right syntax for the failing commands.

    You should change:

    RUN addgroup -S demo && adduser -S demo -G demo

    Into:

    RUN addgroup demo 
RUN useradd -g demo demo
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search