DEV Community

Discussion on: How to securely build Docker images for Node.js

Christopher McClellan

You’re jumping through a lot of hoops to create a user. There’s a keyword for creating a user in a particular group.

docs.docker.com/engine/reference/b...

Liran Tal

The USER instruction though is only switching the user ownership to a specific user, it isn't actually creating a new one. Correct?

Christopher McClellan

No. It creates a user. The only reason to do it the way you did it is if you need to map a user/group from the host to one inside the container.

Liran Tal • Edited

Would you like to reference an example Dockerfile for that?
AFAIK a directive such as USER lirantal does not create a user if one doesn't exist already.

astodev

docs.docker.com/engine/reference/b...

The USER directive does not create a user. The username specified must already exist or can be created earlier in the Dockerfile directives.

From docs.docker.com/develop/develop-im...
If a service can run without privileges, use USER to change to a non-root user. Start by creating the user and group in the Dockerfile with something like:


RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
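
The point made in the comment above (USER switches to an account but does not create it) can be checked mechanically before a build. The following Python check is an added example, not part of the original thread or of Docker's own tooling; the function name `undefined_users`, the `base_image_users` parameter and the two sample Dockerfiles are constructed for illustration, and it assumes accounts are created with `useradd` or `adduser` inside a RUN line.

```python
import re

# Account-creating commands commonly seen in RUN lines. The last non-option
# word is taken as the account name (a simplification, labelled as such).
CREATE_CMD = re.compile(r"\b(?:useradd|adduser)\b([^&;|]*)")


def undefined_users(dockerfile_text, base_image_users=("root",)):
    """Return the names given to USER that no earlier RUN in the stage created.

    base_image_users is an assumption supplied by the caller: accounts the
    FROM image is known to ship with. The check cannot inspect the image.
    """
    known = set(base_image_users)
    missing = []
    # Join backslash-continued lines so a multi-line RUN is read as one.
    joined = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instruction, args = parts[0].upper(), parts[1]
        if instruction == "FROM":
            known = set(base_image_users)  # each build stage starts fresh
        elif instruction == "RUN":
            for m in CREATE_CMD.finditer(args):
                words = [w for w in m.group(1).split() if not w.startswith("-")]
                if words:
                    known.add(words[-1])
        elif instruction == "USER":
            user = args.split()[0].split(":")[0]  # drop an optional :group
            # Numeric UIDs need no passwd entry, so they are not flagged.
            if not user.isdigit() and user not in known:
                missing.append(user)
    return missing


# Constructed samples: USER with no prior creation, then the documented pattern.
BAD = r"""FROM debian:bookworm-slim
COPY . /app
USER lirantal
"""
GOOD = r"""FROM debian:bookworm-slim
RUN groupadd -r postgres && \
    useradd --no-log-init -r -g postgres postgres
USER postgres
"""

if __name__ == "__main__":
    print(undefined_users(BAD), undefined_users(GOOD))
```

A name reported here is only a finding if the base image does not already provide that account, so pass the accounts you know the image ships with in `base_image_users`.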

Liran Tal

Thanks for reassuring.

Christopher McClellan

Yup. I stand corrected.