Working on user in dockerfile and installing packages on it permission denied
up vote
1
down vote
favorite
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 at 14:51
Frytek
257
add a comment |
up vote
1
down vote
favorite
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 at 14:51
Frytek
257
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
asked Nov 22 at 14:51
Frytek
257
I want to install packages on dockefile as user in /home/user .
FROM ubuntu:16.04
ENV user lg
RUN useradd -m -d /home/${user} ${user}
&& chown -R ${user} /home/${user}
USER ${user}
WORKDIR /home/${user}
RUN apt-get update
RUN apt-get -y install curl
RUN apt-get -y install lsb-core
RUN apt-get -y install lsb
RUN apt-get -y upgrade -f
Docker throws error on executing apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
Thanks :)
docker permissions package dockerfile root
docker permissions package dockerfile root
asked Nov 22 at 14:51
Frytek
257
asked Nov 22 at 14:51
Frytek
257
asked Nov 22 at 14:51
Frytek
257
asked Nov 22 at 14:51
Frytek
257
asked Nov 22 at 14:51
Frytek
257
257
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
1
down vote
accepted
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
add a comment |
up vote
0
down vote
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 at 18:40
David Maze
9,0232821
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
add a comment |
up vote
1
down vote
accepted
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
It's because your lg user simply doesn't have necessary permissions. In this case, it doesn't matter that ubuntu is dockerized. It's like in any other Linux distro - you need permissions to do certain actions. An example: if you'd create a new user on your native system I bet command apt-get install X would raise the exact same error, wouldn't it?
In order to install anything, you'll need sudo to authenticate as root for this user. This can be achieved like so:
FROM ubuntu:16.04
RUN apt-get update &&
apt-get -y install sudo
ENV user lg
RUN useradd -m -d /home/${user} ${user} &&
chown -R ${user} /home/${user} &&
adduser ${user} sudo &&
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ${user}
WORKDIR /home/${user}
RUN sudo apt-get -y install curl &&
sudo apt-get -y install lsb-core &&
sudo apt-get -y install lsb &&
sudo apt-get -y upgrade -f
A little explanation:
- First, you'll need to install sudo package
- Add your user to sudo
- And you also need to add NOPASSWD to the sudoers file (I've done it for ALL but you can easily set it for a specific user). Without this, you will encounter following error:
sudo: no tty present and no askpass program specified
- Now you can install stuff with this user
Also try avoiding using multiple times the same Dockerfile instruction (In your case you had redundant 4x RUN). Each instruction is a separate layer in later build image. This is known Dockerfile best practice.
Minimize the number of layers In older versions of Docker, it was
important that you minimized the number of layers in your images to
ensure they were performant. The following features were added to
reduce this limitation:
In Docker 1.10 and higher, only the instructions RUN, COPY, ADD create
layers. Other instructions create temporary intermediate images, and
do not directly increase the size of the build.
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
edited Nov 22 at 15:49
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
answered Nov 22 at 15:33
Raoslaw Szamszur
897415
897415
add a comment |
add a comment |
up vote
0
down vote
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 at 18:40
David Maze
9,0232821
add a comment |
up vote
0
down vote
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 at 18:40
David Maze
9,0232821
add a comment |
up vote
0
down vote
up vote
0
down vote
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 at 18:40
David Maze
9,0232821
apt-get on Debian-like systems generally needs to be run as root. In a Dockerfile, you can simply switch user identities with a USER directive; this generally defaults to running as root. You can switch user identities as many times as you like; but it's common to do all "installation" type things first and then only switch user IDs later.
(I would not make things like "non-root user name" or "home directory" parametrizable: these are internal to the container and it's slightly easier to treat them as fixed, you almost never see them outside the container and to the extent that things like docker run -v can interact with them, it's much easier if they're fixed values.)
So I might rewrite this Dockerfile like:
FROM ubuntu:16.04
# Do this in one apt-get step for efficiency; and in the
# same Docker layer to avoid the APT cache getting out of
# date.
RUN apt-get update
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -f
&& DEBIAN_FRONTEND=noninteractive apt-get install
--no-install-recommends --assume-yes
curl lsb lsb-core
# Set up the local user directory and copy the application in
# (still as root)
WORKDIR /lg
COPY . ./
# Now set up the non-root user
RUN user add -m -d /lg lg
USER lg
# Default thing to run when running the container
CMD ["/lg/lg"]
In general you should not install su or sudo in an image. Both have some unintuitive behaviors when run non-interactively (for instance in a Dockerfile). In the unusual case where you do need to docker exec to get a shell in a running container, you can just as easily add a -u root option to that to become whichever user you want.
answered Nov 22 at 18:40
David Maze
9,0232821
answered Nov 22 at 18:40
David Maze
9,0232821
answered Nov 22 at 18:40
David Maze
9,0232821
answered Nov 22 at 18:40
David Maze
9,0232821
9,0232821
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53433486%2fworking-on-user-in-dockerfile-and-installing-packages-on-it-permission-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
