Working on user in dockerfile and installing packages on it permission denied
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
add a comment |
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
add a comment |
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
docker permissions package dockerfile root
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
asked Nov 22 '18 at 14:51
FrytekFrytek
2217
2217
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
add a comment |
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53433486%2fworking-on-user-in-dockerfile-and-installing-packages-on-it-permission-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
add a comment |
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
add a comment |
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
edited Nov 22 '18 at 15:49
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
answered Nov 22 '18 at 15:33
Raoslaw SzamszurRaoslaw Szamszur
910515
910515
add a comment |
add a comment |
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
add a comment |
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
add a comment |
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
answered Nov 22 '18 at 18:40
David MazeDavid Maze
12.9k31225
12.9k31225
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53433486%2fworking-on-user-in-dockerfile-and-installing-packages-on-it-permission-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
