{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 The star\" 的问题《How to send a password to `sudo` from a Dockerfile》','https://www.manongdao.com/q-411141.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am creating a docker file for local development needs. The file creates a user account with user as the password. The line that I think should work is:
# allow writes to the home directory
RUN echo "user" | sudo -S chmod 777 ~
However when I run the image interactively it seems that it failed & I see this message:
mkdir: cannot create directory ‘/home/.meteor-install-tmp’: Permission
denied
When I run sudo -S chmod 777 ~ from within the container it works.
Here is the full script:
# docker build -t timebandit/meteor-1-5 --rm .
# docker run -v /host/path:/home/code -it timebandit/meteor-1-5 bash
FROM ubuntu:xenial
# update the system
RUN apt-get update && apt-get -y install curl \
sudo \
apt-utils \
locales \
nano
# Set the locale
RUN sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/'
/etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
# set the root password
RUN echo "root:root" | chpasswd
# create a user
RUN useradd -ms /bin/bash user
RUN adduser user sudo
RUN echo 'user:user' | chpasswd
ENV HOME=/home
WORKDIR $HOME/user
USER user
# allow writes to the home directory
ARG user_pass
RUN echo $user_pass | sudo --stdin chmod 777 /home
# install meteor
RUN echo $user_pass | sudo curl https://install.meteor.com/ | sh
I'd recommend skipping the
sudocompletely since you can change users with your Dockerfile:Adding sudo to your image means it's there for an attacker to use. You can change the user of a
docker runordocker execcommand with the-u rootoption any time you need to get back into the container as root.~is the user's home directory, not the/homedirectory itself.So do the same for
/home:Let me tell you that you have two things that are usually discouraged (password in Dockerfile and 777 perms).
And as @meatspace suggests you may use docker build args:
And build with this: