How to Add Users to Docker Container

How to add users to Docker container?

The trick is to use useradd instead of its interactive wrapper adduser.
I usually create users with:

RUN useradd -ms /bin/bash newuser

which creates a home directory for the user and ensures that bash is the default shell.

You can then add:

USER newuser
WORKDIR /home/newuser

to your dockerfile. Every command afterwards as well as interactive sessions will be executed as user newuser:

docker run -t -i image
newuser@131b7ad86360:~$

You might have to give newuser the permissions to execute the programs you intend to run before invoking the user command.

Using non-privileged users inside containers is a good idea for security reasons. It also has a few drawbacks. Most importantly, people deriving images from your image will have to switch back to root before they can execute commands with superuser privileges.

What is a clean way to add a user in Docker with sudo priviledges?

Generally you should think of a Docker container as a wrapper around a single process. If you ask this question about other processes, it doesn't really make sense. (How do I add a user to my PostgreSQL server with sudo privileges? How do I add a user to my Web browser?)

In Docker you almost never need sudo, for three reasons: it's trivial to switch users in most contexts; you don't typically get interactive shells in containers (how do I get a directory listing from inside the cron daemon?); and if you can run any docker command at all you can very easily root the whole host. sudo is also hard to script, and it's very hard to usefully maintain a user password in Docker (writing a root-equivalent password in a plain-text file that can be easily retrieved isn't a security best practice).

In the context of your question, if you've already switched to some non-root user, and you need to run some administrative command, use USER to switch back to root.

USER janedoe
...
USER root
RUN apt-get update && apt-get install -y some-package
USER janedoe

Since your containers have some isolation from the host system, you don't generally need containers to have the same user names or user IDs as the host system. The exception is when sharing files with the host using bind mounts, but there it's better to specify this detail when you start the container.

The typical practice I'm used to works like this:

In your Dockerfile, create some non-root user. It can have any name. It does not need a password, login shell, home directory, or any other details. Treating it as a "system" user is fine.
```
 FROM ubuntu:18.04
 RUN adduser --system --group --no-create-home appuser
```

Still in your Dockerfile, do almost everything as root. This includes installing your application.

 RUN apt-get update && apt-get install ...
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install -r requirements.txt
 COPY . .

When you describe the default way to run the container, only then switch to the non-root user.
```
 EXPOSE 8000
 USER appuser
 CMD ["./main.py"]
```
Ideally that's the end of the story: your code is built into your image and it stores all of its data somewhere external like a database, so it doesn't care about the host user space at all (there by default shouldn't be docker run -v or Docker Compose volumes: options).
If file permissions really matter, you can specify the numeric host user ID to use when you launch the container. The user doesn't specifically need to exist in the container's /etc/passwd file.
```
 docker run \
   --name myapp \
   -d \
   -p 8000:8000 \
   -v $PWD:/data \
   -u $(id -u) \
   myimage
```

How do I add the local users to my docker container?

You would have to mount all relevant linux files using -v like /etc/passwd, /etc/shadow, /ect/group, and /etc/sudoers. Though I can't recommend this due to the security risks, if anyone gets root access in the container they can add users on the host or change passwords since he mount works both ways.

The list of files is not exhaustive, for example, you have to also make sure the shell exacutables exist within the container. When testing this I had to make a symbolic link from /usr/bin/zsh to /bin/bash for example since my user has the zsh shell configured which was not present in the docker image.

If you want to use these users to interact with mounted files, you also have to make sure that user namespace remapping is disabled, or specify that you want to use the same user namespace as the host with the --userns=host flag. Again, not recommended since it is a security feature, so use with care.

Note: Once you have done all this you can use su - {username} to switch to all your existing users. The -u options doesn't work since docker checks the /etc/passwd file before mounting and will give an error.

How to add user with dockerfile?

Use useradd instead of its interactive adduser to add user.

RUN useradd -ms /bin/bash  vault

Below command will not create user .

USER vault
WORKDIR /usr/local/bin/vault

it will use vault user

please Refer Dockerfile User Documentation

The USER instruction sets the user name or UID to use when running the
image and for any RUN, CMD and ENTRYPOINT instructions that follow it
in the Dockerfile.

NOTE : Ensures that bash is the default shell.

If default shell is /bin/sh you can do like:

RUN ln -sf /bin/bash /bin/sh
RUN useradd -ms /bin/bash  vault

Create a user on the docker host from inside a container

When you mount an individual file, you end up mounting the inode of that file with the bind mount. And when you write to the file, many tools create a new file, with a new inode, and replace the existing file with that. This avoids partial reads, and other file corruption risks if you were to modify the file in place.

What you are attempting to do is likely a very bad idea, it's the very definition of a container escape, allowing the container to setup credentials on the host. If you really need host access, I'd mount the folder in a different location because containers have other files that are automatically mounted in /etc. So you could say /etc:/host/etc and access the files in the container under /host/etc. Just realize that's even a larger security hole.

Note, if the entire goal is to avoid permission issues between the host and the container, there are much better ways to do this, but that would be an X-Y problem.

How to use one docker image for multiple users with their system login $USER inside docker container when the user runs the docker image?

There is nothing you can do in terms of creating your image that will automatically expose the username of the user running the container inside the container. You can only do that by providing appropriate command line arguments when you start a container.

You'll need to provide either documentation or a wrapper script that applies the appropriate docker run command line arguments:

docker run -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -u $UID -e UID -e USER yourimage ...

Depending on what you're trying to accomplish you may need to also expose the user's home directory:

docker run -it -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -u $UID -v $HOME:$HOME -e HOME -e UID -e USER -w $HOME yourimage ...

How to Add Users to Docker Container