default user inside container?

Honza Horak hhorak at redhat.com
Thu Apr 23 15:10:26 UTC 2015


We touched on this problem at today's meeting, but have not found the final 
solution yet; the log may be worth reading, though:
http://meetbot.fedoraproject.org/fedora-meeting-2/2015-04-23/env-and-stacks.2015-04-23-12.04.html

Honza

On 04/22/2015 07:22 PM, Honza Horak wrote:
> Hey,
>
> having in mind docker images for e.g. python, ruby, nodejs and some
> application written in those languages/frameworks already inside the
> docker (basically those where there is no specific user to be used like
> for daemons, for example) -- the application may either run as root or
> as a non-root user (non-root should be the preferred way, right?)
>
> For cases where we need such a user, this user must have an expected
> HOME, UID and GID so that it is possible to match them on the host, so
> after taking inspiration from the openshift base image (but not copying
> everything), what about:
>
>
> ENV HOME /home/default
> RUN mkdir -p ${HOME} && \
>      groupadd -r default -f -g 333 && \
>      useradd -u 333 -r -g default -d ${HOME} -s /sbin/nologin \
>              -c "Default Application User" default
>
> The home directory is the first problem. May it be something in /home?
> Or should we rather treat that user like users for daemons and use
> something like /var/lib/container-home?
>
> Then, what should the UID and GID be?
>
> Picking one from <1000 would disable this user from some operations
> that check MIN_UID explicitly to behave differently, but maybe it makes
> sense -- we can take that user as a special one, not an ordinary one;
> personally, the preferred way.
>
> Picking one from >1000 could cause conflicts on the host in case the
> same one already exists there.
>
> Any ideas?
>
> Honza
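
The trade-off raised in the quoted message (a UID below the minimum regular UID versus one above 1000 that may already exist on the host), as an added example that is not part of the original thread: a shell check of a candidate UID/GID against passwd, group and login.defs files. The function names, the constructed sample files and the fallback of 1000 when UID_MIN is unset are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a candidate container UID/GID against host account files.
# Paths are parameters so the check can run against a copy of the host's files.

# uid_min FILE -> UID_MIN from a login.defs file, or 1000 (assumed default) if unset
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# id_owner ID FILE -> name already holding ID in a passwd- or group-format file
id_owner() {
    awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2"
}

# check_id UID GID PASSWD GROUP LOGIN_DEFS
# Prints one finding per line; returns 1 if the UID or GID is already taken.
check_id() {
    rc=0
    min=$(uid_min "$5")
    if [ "$1" -lt "$min" ]; then
        echo "uid $1 is below UID_MIN $min: treated as a system account"
    else
        echo "uid $1 is in the regular user range (UID_MIN $min)"
    fi
    owner=$(id_owner "$1" "$3")
    if [ -n "$owner" ]; then echo "uid $1 conflicts with host user $owner"; rc=1; fi
    owner=$(id_owner "$2" "$4")
    if [ -n "$owner" ]; then echo "gid $2 conflicts with host group $owner"; rc=1; fi
    return $rc
}

# Constructed sample host files (not taken from any real system)
SAMPLE=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$SAMPLE/passwd"
printf 'root:x:0:\nalice:x:1000:\n' > "$SAMPLE/group"
printf '# constructed login.defs\nUID_MIN 1000\nUID_MAX 60000\n' > "$SAMPLE/login.defs"

# 333 is the UID/GID proposed in the message; 1000 shows the conflict case
check_id 333 333 "$SAMPLE/passwd" "$SAMPLE/group" "$SAMPLE/login.defs" || true
check_id 1000 1000 "$SAMPLE/passwd" "$SAMPLE/group" "$SAMPLE/login.defs" || true
```

To check a real host, pass /etc/passwd, /etc/group and /etc/login.defs as the last three arguments.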