How to use sudo inside a docker container?

臣服心动 2020-11-30 16:17

Normally, docker containers are run using the user root. I'd like to use a different user, which is no problem using docker's USER directive. But this use

11 answers
  • 2020-11-30 16:48

    There is no answer on how to do this on CentOS. On CentOS, you can add the following to the Dockerfile:

    RUN echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
        chmod 0440 /etc/sudoers.d/user
    
  • 2020-11-30 16:53

    If sudo or apt-get is not accessible inside the container, you can use the option below in a running container.

    docker exec -u root -it f83b5c5bf413 ash
    

    "f83b5c5bf413" is my container ID, and here is a working example from my terminal:

  • 2020-11-30 16:57

    If you have a container running as root that runs a script (which you can't change) that needs access to the sudo command, you can simply create a new sudo script in your $PATH that calls the passed command.

    e.g. In your Dockerfile:

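    # Create a pass-through "sudo" shim only if no real sudo is installed.
    # printf is used because "echo -e" is not portable across /bin/sh implementations.
    RUN if type sudo 2>/dev/null; then \
         echo "The sudo command already exists... Skipping."; \
        else \
         printf '#!/bin/sh\nexec "$@"\n' > /usr/sbin/sudo; \
         chmod +x /usr/sbin/sudo; \
        fi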
    
  • 2020-11-30 17:02

    Here's how I set up a non-root user with the base image of ubuntu:18.04:

    RUN \
        groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \
        sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
        sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
        sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##/g' && \
        echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
        echo "Customized the sudoers file for passwordless access to the foo user!" && \
        echo "foo user:";  su - foo -c id
    

    What happens with the above code:

    • The user and group foo are created.
    • The user foo is added to both the foo and sudo groups.
    • The uid and gid are set to the value of 999.
    • The home directory is set to /home/foo.
    • The shell is set to /bin/bash.
    • The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.
    • The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.
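An added example, not part of any answer on this page: several answers above write `NOPASSWD: ALL` rules into `/etc/sudoers` or `/etc/sudoers.d/`, which gives the named user root without a password. The shell function below flags such rules so an image build or review can catch them; the sample files, the function names, and the rule scoped to `apt-get` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answers): flag blanket passwordless sudo rules.

# Print "file:line: rule" for every active rule granting NOPASSWD: ALL.
# Exit status: 0 if no such rule was found, 1 if at least one was.
find_blanket_nopasswd() {
    awk '
        /^[ \t]*#/ { next }    # skip comments (and #include directives)
        /NOPASSWD:[ \t]*ALL([ \t,]|$)/ {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            found = 1
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample tree: the rules written by the answers above, plus a
# hypothetical rule scoped to one command for comparison.
write_sample_sudoers() {
    mkdir -p "$1/sudoers.d"
    cat > "$1/sudoers" <<'EOF'
Defaults env_reset
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
# bar ALL=(ALL) NOPASSWD: ALL
foo ALL=(ALL) NOPASSWD: ALL
EOF
    echo 'user ALL=(root) NOPASSWD:ALL' > "$1/sudoers.d/user"
    echo 'foo ALL=(root) NOPASSWD: /usr/bin/apt-get update' > "$1/sudoers.d/scoped"
}

# Usage: sh audit.sh /etc/sudoers /etc/sudoers.d/*
if [ "$#" -gt 0 ]; then
    find_blanket_nopasswd "$@"
fi
```

Run inside the image as a build step, a non-zero exit status fails the build when a blanket rule is present.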
  • 2020-11-30 17:03

    For anyone who has this issue with an already running container, and they don't necessarily want to rebuild, the following command connects to a running container with root privileges:

    docker exec -ti -u root container_name bash
    

    You can also connect using its ID, rather than its name, by finding it with:

    docker ps -l
    

    To save your changes so that they are still there when you next launch the container (or docker-compose cluster):

    docker commit container_id image_name
    

    To roll back to a previous image version (warning: this deletes history rather than appends to the end, so to keep a reference to the current image, tag it first using the optional step):

    docker history image_name
    docker tag latest_image_id my_descriptive_tag_name  # optional
    docker tag desired_history_image_id image_name
    

    To start a container that isn't running and connect as root:

    docker run -ti -u root --entrypoint=/bin/bash image_id_or_name -s
    

    To copy from a running container:

    docker cp <containerId>:/file/path/within/container /host/path/target
    

    To export a copy of the image:

    docker save container | gzip > /dir/file.tar.gz
    

    Which you can restore to another Docker install using:

    gzcat /dir/file.tar.gz | docker load
    

    It is much quicker but takes more space to not compress, using:

    docker save container > dir/file.tar
    

    And:

    cat dir/file.tar | docker load
    