Add non root user
It is good practice to use a non-root account for daily work. Also, on a Linux host, if the root user in the Docker container creates files in the mounted directory, those shared files will be owned by root on the host OS, which makes them inconvenient to access as a regular user on the host.
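docker-setup.sh

```sh
# Install sudo so the non-root user can still run superuser commands
apt-get install -y sudo
```

Dockerfile

```dockerfile
# Default to 1000, the UID/GID of the first-created user on Linux systems
ARG GID=1000
ARG UID=1000
# Create the group and user with the requested IDs; the user also joins the sudo group
RUN addgroup --gid $GID cit595
RUN useradd --system --create-home --shell /bin/bash --groups sudo -p "$(openssl passwd -1 mcit)" --uid $UID --gid $GID cit595
# Hand the shared folder to the new user, then stop running as root
RUN chown -R cit595:cit595 /vagrant
USER cit595
```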
The above changes do the following:
- Installs `sudo`, since it was missing from the original install
- Sets variables GID and UID to 1000 by default, which is the default UID and GID of the first-created new user on Linux systems. These can be overridden at build time by getting the UID and GID from the shell as follows: `docker-compose build --build-arg GID=$(id -g) --build-arg UID=$(id -u) mcit`
- Creates the cit595 group with the given `GID`
- Creates the cit595 user with given GID and UID and with password "mcit", and adds the cit595 user to the sudo group, in case superuser commands still need to be run
- Changes ownership of /vagrant from root to cit595
- Keeps starting folder as /vagrant for convenience
The UID and GID need to match those of the Linux host user to prevent annoying permissions problems in the shared /vagrant folder. Files in the shared folder carry numeric owner IDs, so when the guest user's UID and GID equal the host user's, every action taken inside /vagrant is seen by the host as having been done by the host user.
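To find entries in an existing shared folder whose numeric owner does not match the host user (for example, root-owned files created before this change), a check along these lines can be run on the host. It is an added example, not part of the original page; the function names are hypothetical, and it assumes a POSIX shell with `find` and `id`.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Finds entries in a shared directory whose numeric owner or group differs
# from the expected UID/GID, e.g. root-owned files left by a container.

# mismatched_owners DIR EXPECTED_UID EXPECTED_GID
# Prints one path per line; prints nothing when every entry matches.
mismatched_owners() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -print 2>/dev/null
}

# count_mismatched DIR EXPECTED_UID EXPECTED_GID
count_mismatched() {
    mismatched_owners "$1" "$2" "$3" | wc -l | tr -d ' '
}

# rebuild_command HOST_UID HOST_GID
# The build command from this page with the host IDs filled in.
rebuild_command() {
    printf 'docker-compose build --build-arg GID=%s --build-arg UID=%s mcit\n' "$2" "$1"
}

# check_shared_dir DIR
# Returns 0 when every entry belongs to the invoking user; otherwise lists
# the offending entries with numeric owners and returns 1.
check_shared_dir() {
    dir=$1
    host_uid=$(id -u)
    host_gid=$(id -g)
    n=$(count_mismatched "$dir" "$host_uid" "$host_gid")
    if [ "$n" -eq 0 ]; then
        echo "OK: all entries in $dir are owned by $host_uid:$host_gid"
        return 0
    fi
    echo "$n entries in $dir are not owned by $host_uid:$host_gid:"
    mismatched_owners "$dir" "$host_uid" "$host_gid" | while IFS= read -r p; do
        ls -ldn "$p"
    done
    echo "Rebuild the image with the host IDs:"
    rebuild_command "$host_uid" "$host_gid"
    return 1
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_shared_dir "$1"
fi
```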
This page is mainly based on @hanjiexi's feedback on Piazza in Summer 2021. Thank you for the great contribution.