default user inside container?

Honza Horak hhorak at
Thu Apr 23 15:10:26 UTC 2015

We touched this problem on today's meeting, but not found the final 
solutions yet, the log may be worth reading though:


On 04/22/2015 07:22 PM, Honza Horak wrote:
> Hey,
> having in mind docker images for e.g. python, ruby, nodejs and some
> application written in those languages/frameworks already inside the
> docker (basically those where there is no specific user to be used like
> for daemons for example) -- the application may either run as root or
> non-root user (non-root should be preferred way, right?)
> For cases we need such a user, this user must have expected HOME, UID
> and GID to be possible to match on host, so after inspiring in the
> openshift base image (but not copied everything), what about:
> ENV HOME /home/default
> RUN mkdir -p ${HOME} && \
>      groupadd -r default -f -g 333 && \
>      useradd -u 333 -r -g default -d ${HOME} -s /sbin/nologin \
>              -c "Default Application User" default
> Home directory is first problem. May it be something in /home? Or rather
> take that user similar to users for daemons and use something like
> /var/lib/container-home?
> Then, what the UID and GID should be?
> Picking one from <1000 would disable this user from some operations,
> that check MIN_UID explicitly to behave differently, but maybe it makes
> sense -- we can take that user as a special one, not ordinary one;
> personally the preferred way.
> Picking one from >1000 could provide conflicts on host in case the same
> already exists there.
> Any ideas?
> Honza
> _______________________________________________
> env-and-stacks mailing list
> env-and-stacks at

More information about the env-and-stacks mailing list