I need users in my docker containers. My build is from the busybox image which is missing groupadd, I tried to add it using apt-get but that's also missing. What do I need to add to my Dockerfile to get groupadd?
So far I have
FROM busybox
RUN apt-get install bash
RUN groupadd -r postgres && useradd -r -g postgres postgres
CMD /bin/sh
You're trying to run Debian based command on a non-Debian system. If you need apt-get and other tools like that, you should change your base image with a FROM debian.
Busybox does include the addgroup with the following syntax:
/ # addgroup --help
BusyBox v1.24.2 (2016-03-18 16:38:06 UTC) multi-call binary.
Usage: addgroup [-g GID] [-S] [USER] GROUP
Add a group or add a user to a group
-g GID Group id
-S Create a system group
Related
I’m trying to install SSH (and enable the service) on top of my Nextcloud installation in Docker, and have it work on reboot. Having run through many Dockerfile, docker-compose combinations I can’t seem to get this to work. Ive tried using entrypoint.sh scripts with Dockerfile, but it wants a CMD at the end and then it doesn’t execute the “normal” nextcloud start up.
entrypoint.sh:
#!/bin/sh
# Start the ssh server
service ssh start
# Execute the CMD
exec "$#"
Dockerfile:
FROM nextcloud:latest
RUN apt update -y && apt-get install ssh -y
RUN apt-get install python3 -y && apt-get install sudo -y
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN useradd -m ansible -s /bin/bash
RUN sudo -u ansible mkdir /home/ansible/.ssh
RUN mkdir -p /var/run/sshd
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/sbin/sshd", "-D"]
Any help would be much appreciated. Thank you
In general I'd say - break the problem you're having down into smaller parts - it'll help isolate the source of the problem.
Here's how I'd approach the reported issue.
First - replace (in your Dockerfile)
apt-get install -y ssh
with the recommended
apt install -y openssh-server
Then - test just the required parts of your Dockerfile addressing the issue - simplify it just to the following:
FROM nextcloud:latest
RUN apt update
RUN apt install -y openssh-server
Then build a test image using this Dockerfile via the command
docker build . -t test_nextcloud
This will build the image - giving it the name (tag) of test_nextcloud.
Then run a container from this newly built image via the docker run command
docker run -p 8080:80 -d --name nextcloud test_nextcloud
This will run the container on port 8080 in detatched mode, and give the assicated container the name of nextcloud.
Then - with the container running - you should be able to enter into it using the following command
docker container exec -u 0 -it nextcloud bash
as root.
Now that you are in, you should be able to startup the ssh server via the command
service ssh start
Having followed a set of steps like this to confirm that you can indeed startup an ssh server in the nextcloud container, begin adding back in your additional logic (begining with the original Dockerfile).
Following Docker's installation instructions for Linux on a MacBook, since there isn't a dedicated page for MacOs, I am unable to create the docker group and assign myself to it:
sudo groupadd docker
sudo usermod -aG docker $USER
Since both groupadd and usermod commands are unidentified in mac.
What are the macOS alternatives?
The solution was found to be the dscl command.
And specifically:
sudo dscl . create /Groups/docker GroupMembership userName
with userName being the user I want to put in the docker group.
First of all, let me state I'm not the most virtuous of Linux users, so bear with me...
Below is a brief run-down of all the steps I took. Ultimately the question/issue is is that it seems impossible for me to get a proper docker-compose installation downloaded.
Followed instructions to install docker https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Tried 4 variations of the above command to try to install docker-compose. As shown in the URLs below.
https://www.codegrepper.com/code-examples/php/how+to+install+docker+compose+in+ec2
https://portal.cloud303.io/forum/aws-1/question/i-want-to-install-docker-compose-on-an-amazon-linux-2-ec2-instance-9
https://acloudxpert.com/how-to-install-docker-compose-on-amazon
https://gist.github.com/npearce/6f3c7826c7499587f00957fee62f8ee9
When typing "docker-compose", "sudo docker-compose" etc. All it will say is
"Line 1: Not: command not found".
It seems to be the issue that the docker-compose file is only 9kb in size. Because this is what I get back every time I use the above mentioned docker-compose install sequences.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9 100 9 0 0 58 0 --:--:-- --:--:-- --:--:-- 58
This issue is sort of addressed here:
https://github.com/docker/compose/issues/6268
Where it is said that the OS is not supported or that we're running a 32bit instance, but of which seem to be strange because all the above tutorials are specifically for AWS EC2 Linux 2.
fwiw 'uname -m' returns aarch64.
So, does anyone have an idea of how to get a full-sized version of docker-compose instead of the 9kb file?
Thanks!
followed the link to install the docker-compose link
Basically, thee are only two steps as below:
sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose version
Amazon Linux is "just" the OS, but compiled binaries also depend on your processor architecture. For instance, EC2 t3a series are based on x86_64 architecture wheras the new t4g types are of aarch64 (which is the reason I run into as similar issue as you and ended up here). uname -m returns that identifier, in your case apparently aarch64.
Since the docker-compose github repo contains no released binary for this architeture (as opposed to x86_64), the resolved full download URL returns a "Not found" body instead of the expected binary, thus the described error message when you try to execute it.
As you already found out, there a multiple threads which discuss this issue. The only thing that eventually worked for me was to install docker-compose manually via python's packaga manager pip. Since this approach involves a couple of compilation steps, you need to add various additional OS packages and may face other mostly dependency related errors in the process. But the following steps eventually worked for me:
uname -s -m
1> Linux aarch64
cat /etc/system-release
1> Amazon Linux release 2 (Karoo)
sudo yum install -y python37 \
python3-devel.$(uname -m) libpython3.7-dev \
libffi-devel openssl-devel
# need gcc and friends
sudo yum groupinstall -y "Development Tools"
# make sure pip is up2date
sudo python3 -m pip install -U pip
python3 -m pip install docker-compose
docker-compose --version
1> docker-compose version 1.27.4, build unknown
Hope it works for you as well. Good Luck!
You can start from the scratch on Amazon Linux ec2 instance for installing Docker by following the step:
sudo yum update -y
sudo amazon-linux-extras install docker
sudo yum install docker
sudo service docker start
sudo usermod -a -G docker ec2-user
Then logout from the instance and login again to verify the installation of Docker
docker info
To install Docker-compose follow the below steps:
sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose version
I tried everything here mentioned, in the end, it was a problem with the symlink. The official docker page gave me the solution.
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
If it doesn't work after that command, check if you can find docker in your bin folder, e.g. with: ls /usr/local/bin/
If you can see docker-compose there, you almost made it.
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
An easy way to check if docker-compose is there and Linux able to find it, is to use `which docker-compose, also if it is linked correctly, you will get the path to docker-compose as a response.
This worked for me on a AWS EC2 instance with Linux2 as OS.
I faced the same issue. My configuration is T4Large - ARM64 - Ubuntu Server 20.04 LTS and I resolved using the following command
$ sudo apt install docker-compose
This will install the 1.25.0 version of docker compose which is a bit older. At the time of writing this answer the current version is 1.29.1
Another alternative is to use Docker Compose as Docker Container.
Use the following commands to run Docker Compose Container
$ sudo curl -L --fail https://raw.githubusercontent.com/linuxserver/docker-docker-compose/master/run.sh -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
This should work on any Linux distro and on architecture like x86_64, armv7l/armhf, and aarch64/armv8/arm64 if you already have docker installed.
The important point to note is, this runs compose inside a container and does not require installing python on the host system.
Docker hub reference: https://hub.docker.com/r/linuxserver/docker-compose
Installing Docker-Compose in EC2 instance follow below steps
1st command: # sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
2nd command: # sudo chmod +x /usr/local/bin/docker-compose
3rd command: # ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
4th Command to verify docker compose: # docker-compose version
It will install latest version of docker-compose. 3rd command is necessary.
This will do everything you need.
Cut. paste. done.
cat ec2-al2-docker-compose.sh
#the following script will install docker and docker compose on amazon linux 2
# run this script then
# sudo docker ps; docker-compose up
# note docker-compose up doesnt use sudo
sudo yum update -y
sudo yum install docker git -y
sudo usermod -a -G docker ec2-user
id ec2-user
newgrp docker
sudo yum install python3-pip -y
sudo pip3 install docker-compose
sudo systemctl enable docker.service
sudo systemctl start docker.service
I am trying to RUN sudo su - inside the Dockerfile and I get this error
/bin/sh: 1: sudo: not found
This is how my Dockerfile looks like:
FROM ubuntu:18.04
RUN sudo su -
RUN apt update && install openjdk-8-jdk
RUN wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add - && sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/kenkins.list'
RUN apt update && apt install jenkins
RUN curl -fsSL get.docker.com | /bin/bash
RUN usermod -aG docker jenkins && systemctl restart jenkins
This error comes when I try to build it.
docker build -t jenkins .
Can someone help me?
The dockerfile will run as a virtual "root" user by default, so there is no need to include any sudo command.
Since the example script contains no "-y" defaults it seems that you have simply typed the description for a manual installation into a script. This will never work. And well, in a container the application does also need to be on PID-1 which systemctl will not do.
After going through a basic tutorial on docker you will find out why.
This command seems not to be doing anything except for creating an extra layer without any useful effect.
$ cat Dockerfile
FROM ubuntu:18.04
RUN apt-get update && apt-get install openjdk-8-jdk -y
If You want to change the use privilege use USER flag in Dockerfile
I'm trying to switch user to the tomcat7 user in order to setup SSH certificates.
When I do su tomcat7, nothing happens.
whoami still ruturns root after doing su tomcat7
Doing a more /etc/passwd, I get the following result which clearly shows that a tomcat7 user exists:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
messagebus:x:101:104::/var/run/dbus:/bin/false
colord:x:102:105:colord colour management daemon,,,:/var/lib/colord:/bin/false
saned:x:103:106::/home/saned:/bin/false
tomcat7:x:104:107::/usr/share/tomcat7:/bin/false
What I'm trying to work around is this error in Hudson:
Command "git fetch -t git#________.co.za:_______/_____________.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Host key verification failed.
This is my Dockerfile, it takes an existing hudson war file and config that is tarred and builds an image, hudson runs fine, it just can't access git due to certificates not existing for user tomcat7.
FROM debian:wheezy
# install java on image
RUN apt-get update
RUN apt-get install -y openjdk-7-jdk tomcat7
# install hudson on image
RUN rm -rf /var/lib/tomcat7/webapps/*
ADD ./ROOT.tar.gz /var/lib/tomcat7/webapps/
# copy hudson config over to image
RUN mkdir /usr/share/tomcat7/.hudson
ADD ./dothudson.tar.gz /usr/share/tomcat7/
RUN chown -R tomcat7:tomcat7 /usr/share/tomcat7/
# add ssh certificates
RUN mkdir /root/.ssh
ADD ssh.tar.gz /root/
# install some dependencies
RUN apt-get update
RUN apt-get install --y maven
RUN apt-get install --y git
RUN apt-get install --y subversion
# background script
ADD run.sh /root/run.sh
RUN chmod +x /root/run.sh
# expose port 8080
EXPOSE 8080
CMD ["/root/run.sh"]
I'm using the latest version of Docker (Docker version 1.0.0, build 63fe64c/1.0.0), is this a bug in Docker or am I missing something in my Dockerfile?
You should not use su in a dockerfile, however you should use the USER instruction in the Dockerfile.
At each stage of the Dockerfile build, a new container is created so any change you make to the user will not persist on the next build stage.
For example:
RUN whoami
RUN su test
RUN whoami
This would never say the user would be test as a new container is spawned on the 2nd whoami. The output would be root on both (unless of course you run USER beforehand).
If however you do:
RUN whoami
USER test
RUN whoami
You should see root then test.
Alternatively you can run a command as a different user with sudo with something like
sudo -u test whoami
But it seems better to use the official supported instruction.
As a different approach to the other answer, instead of indicating the user upon image creation on the Dockerfile, you can do so via command-line on a particular container as a per-command basis.
With docker exec, use --user to specify which user account the interactive terminal will use (the container should be running and the user has to exist in the containerized system):
docker exec -it --user [username] [container] bash
See https://docs.docker.com/engine/reference/commandline/exec/
In case you need to perform privileged tasks like changing permissions of folders you can perform those tasks as a root user and then create a non-privileged user and switch to it.
FROM <some-base-image:tag>
# Switch to root user
USER root # <--- Usually you won't be needed it - Depends on base image
# Run privileged command
RUN apt install <packages>
RUN apt <privileged command>
# Set user and group
ARG user=appuser
ARG group=appuser
ARG uid=1000
ARG gid=1000
RUN groupadd -g ${gid} ${group}
RUN useradd -u ${uid} -g ${group} -s /bin/sh -m ${user} # <--- the '-m' create a user home directory
# Switch to user
USER ${uid}:${gid}
# Run non-privileged command
RUN apt <non-privileged command>
Add this line to docker file
USER <your_user_name>
Use docker instruction USER
You should also be able to do:
apt install sudo
sudo -i -u tomcat
Then you should be the tomcat user. It's not clear which Linux distribution you're using, but this works with Ubuntu 18.04 LTS, for example.
There's no real way to do this. As a result, things like mysqld_safe fail, and you can't install mysql-server in a Debian docker container without jumping through 40 hoops because.. well... it aborts if it's not root.
You can use USER, but you won't be able to apt-get install if you're not root.