Run in docker as ~~non-root user~~ arbitrary UID?

[llwt]

Is there any way to get the dockerfile built running as a user other than root? We're looking to deploy this into our internal openshift cluster where we cannot run as the root user, and instead have a random UID assigned at container startup.

[llwt]

Workaround for anyone else that runs into this:

Dockerfile

FROM smarketshq/marge-bot:latest

COPY ./uid_entrypoint /bin/

# NOTE: in latest margebot image, /etc/passwd doesn't exist
RUN chmod u+x /bin/uid_entrypoint \
  && touch /etc/passwd \
  && chmod g=u /etc/passwd

ENTRYPOINT [ "uid_entrypoint", "/bin/marge.app" ]
USER 1001

uid_entrypoint

#!/bin/sh

if ! whoami &> /dev/null; then
  echo "user doesn't exist, attempting to create..."

  if [ -w /etc/passwd ]; then
    PASSWD_UPDATE="${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin"
    echo "updating passwd with: ${PASSWD_UPDATE}"
    echo "${PASSWD_UPDATE}" >> /etc/passwd
  else
    echo "/etc/passwd not writable, could not update..."
    exit 1
  fi
fi

exec "$@"

oscp docs on the matter

[snim2]

I'm not sure whether it's useful to you, but I run marge-bot as a non-root user via systemd. Just make sure that you have User and Group set in the Service section of the service definition:

[Service]
User=marge-bot
Group=marge-bot
...

and follow a scheme a bit like this one.

[snim2]

I won't delete the comment above, but I realise it's not actually related to this issue at all! Mea culpa.