Non-privileged Containers
Non-privileged Containers
In this lesson, you will learn how to use the USER instruction to create a non-privileged user. Rather than using root, we can use a non-privileged user to configure and run an application.
Simple Non Privileged Container
Step 1: Setup your environment:
mkdir non-privileged-usercd non-privileged-userStep 2: Create the Dockerfile:
vi DockerfileStep 3: Creates a CentOS image that uses cloud_user as a non-privileged user
Dockerfile contents:
FROM centos:latest
RUN useradd -ms /bin/bash cloud_user
USER cloud_userStep 4: Build the new image:
docker image build -t centos7/nonroot:v1 .Step 5: Create a container using the new image:
docker container run -it --name test-build centos7/nonroot:v1 /bin/bashStep 6: Connecting as a privileged user:
docker container start test-builddocker container exec -u 0 -it test-build /bin/bashNode.JS Based Application Non Privileged Container
Step 1: Set up the environment:
mkdir node-non-privileged-usercd node-non-privileged-userStep 2: Clone the Github Repository
git clone https://github.com/nishanthkumarpathi/content-weather-app.git srcStep 3: Create the Dockerfile:
vi DockerfileStep 4: Create an image for the weather-app
Dockerfile contents:
FROM node
LABEL org.label-schema.version=v1.1
RUN useradd -ms /bin/bash node_user
USER node_user
ADD src/ /home/node_user
WORKDIR /home/node_user
RUN npm install
EXPOSE 3000
CMD ./bin/wwwStep 5: Build the weather-app image using the non-privileged user node_user:
docker image build -t nishanthkp/weather-app-nonroot:v1 .Step 6: Create a container using the nishanthkp/weather-app-nonroot:v1 image:
docker container run -d --name weather-app-nonroot -p 8086:3000 nishanthkp/weather-app-nonroot:v1Last updated