default user inside container?

Honza Horak hhorak at
Wed Apr 22 17:22:51 UTC 2015


having in mind docker images for e.g. python, ruby, nodejs and some 
application written in those languages/frameworks already inside the 
docker (basically those where there is no specific user to be used like 
for daemons for example) -- the application may either run as root or 
non-root user (non-root should be preferred way, right?)

For cases we need such a user, this user must have expected HOME, UID 
and GID to be possible to match on host, so after inspiring in the 
openshift base image (but not copied everything), what about:

ENV HOME /home/default
RUN mkdir -p ${HOME} && \
     groupadd -r default -f -g 333 && \
     useradd -u 333 -r -g default -d ${HOME} -s /sbin/nologin \
             -c "Default Application User" default

Home directory is first problem. May it be something in /home? Or rather 
take that user similar to users for daemons and use something like 

Then, what the UID and GID should be?

Picking one from <1000 would disable this user from some operations, 
that check MIN_UID explicitly to behave differently, but maybe it makes 
sense -- we can take that user as a special one, not ordinary one; 
personally the preferred way.

Picking one from >1000 could provide conflicts on host in case the same 
already exists there.

Any ideas?


More information about the env-and-stacks mailing list