linux - Set docker image username at container creation time?
I have an openSUSE 42.3 docker image that I've configured to run a code. The image has a single user (other than root) called "myuser" that I create during the initial image generation via the Dockerfile. I have 3 script files that generate a container from the image based on what operating system a user is on.
Question: can the username "myuser" in the container be set to the username of the user that executes the container generation script?
My goal is to let a user pop into the container interactively and be able to run the code from within the container. The code is a single binary that executes and has some IO, so I want the user's directory to be accessible from within the container so that they can navigate to a folder on their machine and run the code to generate output in their filesystem.
Below is what I have constructed so far. I tried setting the USER environment variable during the Linux script's call to docker run, but that didn't change the user from "myuser" to "bob" (the username on the host machine that started the container). The mounting of the directories seems to work fine. I'm not sure if it is possible to achieve my goal.
Linux container script:

    username="$USER"
    userid="$(id -u)"
    groupid="$(id -g)"
    home="${1:-$HOME}"

    imagename="myimage:imagetag"
    containername="version1image"

    docker run -it -d --name "${containername}" -u "$userid:$groupid" \
        -e USER="${username}" --workdir="/home/myuser" \
        --volume="${home}:/home/myuser" "${imagename}" /bin/bash

Mac container script:

    username="$USER"
    userid="$(id -u)"
    groupid="$(id -g)"
    home="${1:-$HOME}"

    imagename="myimage:imagetag"
    containername="version1image"

    docker run -it -d --name "${containername}" \
        --workdir="/home/myuser" \
        --volume="${home}:/home/myuser" "${imagename}" /bin/bash

Windows container script:

    @echo off
    set imagename="myimage:imagetag"
    set containername="version1image"

    docker run -it -d --name %containername% --workdir="/home/myuser" -v="%userprofile%:/home/myuser" %imagename% /bin/bash

    echo "container %containername% created."
    echo "run ./startwindowslocistream script launch container"

The below code has been checked into https://github.com/bmitch3020/run-as-user.
I handle this in an entrypoint.sh that checks the ownership of /home/myuser and updates the uid/gid of the user inside the container. It can look something like:

    #!/bin/sh

    set -x

    # get the uid/gid that owns the mounted /home/myuser
    user_uid=`ls -nd /home/myuser | cut -f3 -d' '`
    user_gid=`ls -nd /home/myuser | cut -f4 -d' '`

    # get the current uid/gid of myuser
    cur_uid=`getent passwd myuser | cut -f3 -d: || true`
    cur_gid=`getent group myuser | cut -f3 -d: || true`

    # if they don't match, adjust
    if [ ! -z "$user_gid" -a "$user_gid" != "$cur_gid" ]; then
      groupmod -g ${user_gid} myuser
    fi
    if [ ! -z "$user_uid" -a "$user_uid" != "$cur_uid" ]; then
      usermod -u ${user_uid} myuser
      # fix other permissions
      find / -uid ${cur_uid} -mount -exec chown ${user_uid}:${user_gid} {} \;
    fi

    # drop access to myuser and run cmd
    exec gosu myuser "$@"

And here are the relevant lines from the Dockerfile:

    FROM debian:9
    ARG GOSU_VERSION=1.10

    # run as root, let the entrypoint drop to myuser
    USER root

    # install prereq debian packages
    RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         apt-transport-https \
         ca-certificates \
         curl \
         vim \
         wget \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*

    # install gosu
    RUN dpkgarch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
     && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgarch" \
     && chmod 755 /usr/local/bin/gosu \
     && gosu nobody true

    RUN useradd -d /home/myuser -m myuser
    WORKDIR /home/myuser

    # entrypoint is used to update the uid/gid and then run the user's command
    COPY entrypoint.sh /entrypoint.sh
    ENTRYPOINT ["/entrypoint.sh"]
    CMD /bin/sh

Then to run it, you need to mount /home/myuser as a volume, and it will adjust permissions in the entrypoint. E.g.:

    $ docker build -t run-as-user .
    $ docker run -it --rm -v $(pwd):/home/myuser run-as-user /bin/bash

Inside the container you can run id and ls -l to see that you have access to the /home/myuser files.
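
An added example, not part of the answer or the run-as-user repository: the entrypoint's decision step written as a function that rejects a root-owned or non-numeric volume owner before anything reaches groupmod, usermod or chown, and prints the commands it would run. The function names and `min_id` are hypothetical, and the IDs in the demo call are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Arguments use the answer's
# variable names: user_uid/user_gid = owner of the mounted /home/myuser,
# cur_uid/cur_gid = what myuser has inside the image.

min_id=1   # assumption: only ID 0 (root) is refused; raise to also refuse system IDs

# is_safe_id VALUE: true only for a plain decimal number >= min_id
is_safe_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "$1" -ge "$min_id" ] 2>/dev/null
}

# plan_remap USER_UID USER_GID CUR_UID CUR_GID
# Prints the commands needed to move myuser to the volume owner's IDs,
# one per line. Prints nothing and returns 1 if any ID is unsafe, so the
# caller can stop instead of chown-ing files to root.
plan_remap() {
    user_uid=$1 user_gid=$2 cur_uid=$3 cur_gid=$4
    for id in "$user_uid" "$user_gid" "$cur_uid" "$cur_gid"; do
        is_safe_id "$id" || return 1
    done
    if [ "$user_gid" != "$cur_gid" ]; then
        echo "groupmod -g $user_gid myuser"
    fi
    if [ "$user_uid" != "$cur_uid" ]; then
        echo "usermod -u $user_uid myuser"
        # -h: change a symlink itself, not the file it points to
        echo "find / -mount -uid $cur_uid -exec chown -h $user_uid:$user_gid {} +"
    fi
}

# Constructed demo values: volume owned by 1001:1001, myuser is 1000:1000
plan_remap 1001 1001 1000 1000
```
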