Change user in docker with noVNC


We are creating a docker image that starts from an image that contains the noVNC installed in root and whenever we boot we are in the root user

Can it be changed so that it is another user who starts the container and therefore the noVNC?

asked by user14106 08.09.2016 в 15:48

2 answers


Clarification of the documentation docker :


Running containers (and applications) with Docker implies running the   Docker daemon. This daemon currently requires root privileges, and you   should therefore be aware of some important details.

That is, the Docker daemon runs with privileges of root and consequently the containers run (in principle) with privileges of root . So you have to be very careful with what you do ( "A great power carries a great responsibility" ).

On the Host (host computer)

You may want to not use user root to execute Docker commands, delegating those tasks to a group of users. There are two options:

  • Using sudo . The topic is long, if you do not know the subject well I suggest you read a tutorial, such as this .

  • Create the group docker and add the users to it. The details are in the docker installation guide. For example for Ubuntu here

  • In the Container (container)

    As mentioned above the default container runs as root , this can bring you problems, for example if you are not careful in creating files you will have root as owner (owner) and in particular if you have mounted volumes on the host you can find that root is owner of the file on both the host and the container.

    You can configure the user with whom the container runs on the Dockerfile using the USER . For example:

    USER novnc

    Depending on what you are creating the image, you may need to add the necessary users and groups, before selecting the user.

    RUN groupadd -r novnc && useradd -r -g novnc 

    NOTE: In Unix, users and groups identify themselves with numbers ( uids and gids ) so that to make some sense in both the host and the container, you should have made some kind of mapping (at the level of what they are called on one side and another).

    References (in English):

    answered by 08.09.2016 в 16:07

    Add to the user that you want to run the container to the docker group, which is usually docker .

    answered by 08.09.2016 в 16:07