default user inside container?

Honza Horak hhorak at redhat.com
Wed Apr 22 17:22:51 UTC 2015


Hey,

Having in mind Docker images for e.g. python, ruby, nodejs and some 
application written in those languages/frameworks already inside the 
container (basically those where there is no specific user to be used, 
like for daemons for example) -- the application may run either as root 
or as a non-root user (non-root should be the preferred way, right?)

For cases where we need such a user, this user must have an expected 
HOME, UID and GID so that it is possible to match them on the host, so, 
taking inspiration from the OpenShift base image (but not copying 
everything), what about:


ENV HOME /home/default
RUN mkdir -p ${HOME} && \
     groupadd -r default -f -g 333 && \
     useradd -u 333 -r -g default -d ${HOME} -s /sbin/nologin \
             -c "Default Application User" default

The home directory is the first problem. May it be something in /home? 
Or should we rather treat that user similarly to users for daemons and 
use something like /var/lib/container-home?

Then, what should the UID and GID be?

Picking one from <1000 would disable this user from some operations 
that check MIN_UID explicitly to behave differently, but maybe it makes 
sense -- we can treat that user as a special one, not an ordinary one; 
personally, this is my preferred way.

Picking one from >1000 could cause conflicts on the host in case the 
same one already exists there.

Any ideas?

Honza
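
The trade-off raised in the message above (a UID below 1000 versus one that may already exist on the host) can be checked against a host's account data. The following is an added example, not part of the original post: the function names and the sample passwd and login.defs contents are constructed for illustration, and 1000 is assumed as the fallback when UID_MIN is not set.

```shell
#!/bin/sh
# Added example: classify a candidate container UID against host account data.

# uid_owner PASSWD_FILE UID: print the account that already owns UID, if any.
uid_owner() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# uid_min LOGIN_DEFS_FILE: print UID_MIN, falling back to 1000 (assumption).
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# check_uid PASSWD_FILE LOGIN_DEFS_FILE UID: print "<range> <status>".
check_uid() {
    min=$(uid_min "$2")
    owner=$(uid_owner "$1" "$3")
    if [ "$3" -lt "$min" ]; then range=system; else range=regular; fi
    if [ -n "$owner" ]; then
        echo "$range conflict:$owner"
    else
        echo "$range free"
    fi
}

# Constructed sample data standing in for a host's /etc/passwd and /etc/login.defs.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_PASSWD=$SAMPLE_DIR/passwd
SAMPLE_DEFS=$SAMPLE_DIR/login.defs
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc-example:x:333:333:Constructed service:/var/lib/svc-example:/sbin/nologin
alice:x:1000:1000:Constructed user:/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DEFS" <<'EOF'
# constructed login.defs fragment
UID_MIN   1000
UID_MAX   60000
EOF

# Report each candidate UID against the constructed host data.
for uid in 333 334 1000 1001; do
    printf '%s: %s\n' "$uid" "$(check_uid "$SAMPLE_PASSWD" "$SAMPLE_DEFS" "$uid")"
done
```

On a real host, pass /etc/passwd and /etc/login.defs as the first two arguments to check_uid.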

