How to use sudo inside a docker container?

前端 未结 11 713
臣服心动
臣服心动 2020-11-30 16:17

Normally, docker containers are run using the user root. I\'d like to use a different user, which is no problem using docker\'s USER directive. But this use

相关标签:
11条回答
  • 2020-11-30 16:36

    Just got it. As regan pointed out, I had to add the user to the sudoers group. But the main reason was I'd forgotten to update the repositories cache, so apt-get couldn't find the sudo package. It's working now. Here's the completed code:

    FROM ubuntu:12.04
    
    RUN apt-get update && \
          apt-get -y install sudo
    
    RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
    
    USER docker
    CMD /bin/bash
    
    0 讨论(0)
  • 2020-11-30 16:40

    if you want to connect to container and install something
    using apt-get
    first as above answer from our brother "Tomáš Záluský"

    docker exec -u root -t -i container_id /bin/bash
    

    then try to

    RUN apt-get update or apt-get 'anything you want'

    it worked with me hope it's useful for all

    0 讨论(0)
  • 2020-11-30 16:41

    When neither sudo nor apt-get is available in container, you can also jump into running container as root user using command

    docker exec -u root -t -i container_id /bin/bash
    
    0 讨论(0)
  • 2020-11-30 16:41

    This may not work for all images, but some images contain a root user already, such as in the jupyterhub/singleuser image. With that image it's simply:

    USER root
    RUN sudo apt-get update
    
    0 讨论(0)
  • 2020-11-30 16:46

    Unlike accepted answer, I use usermod instead.

    Assume already logged-in as root in docker, and "fruit" is the new non-root username I want to add, simply run this commands:

    apt update && apt install sudo
    adduser fruit
    usermod -aG sudo fruit
    

    Remember to save image after update. Use docker ps to get current running docker's <CONTAINER ID> and <IMAGE>, then run docker commit -m "added sudo user" <CONTAINER ID> <IMAGE> to save docker image.

    Then test with:

    su fruit
    sudo whoami
    

    Or test by direct login(ensure save image first) as that non-root user when launch docker:

    docker run -it --user fruit <IMAGE>
    sudo whoami
    

    You can use sudo -k to reset password prompt timestamp:

    sudo whoami # No password prompt
    sudo -k # Invalidates the user's cached credentials
    sudo whoami # This will prompt for password
    
    0 讨论(0)
  • 2020-11-30 16:48

    The other answers didn't work for me. I kept searching and found a blog post that covered how a team was running non-root inside of a docker container.

    Here's the TL;DR version:

    RUN apt-get update \
     && apt-get install -y sudo
    
    RUN adduser --disabled-password --gecos '' docker
    RUN adduser docker sudo
    RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
    
    USER docker
    
    # this is where I was running into problems with the other approaches
    RUN sudo apt-get update 
    

    I was using FROM node:9.3 for this, but I suspect that other similar container bases would work as well.

    0 讨论(0)
提交回复
热议问题