[docker] Root password inside a Docker container

I'm using a Docker image which was built using the USER command to use a non-root user called dev. Inside a container, I'm "dev", but I want to edit the /etc/hosts file.

So I need to be root. I'm trying the su command, but I'm asked to enter the root password.

What's the default root user's password inside a Docker container?

This question is related to docker

The answer is


In some cases you need to be able to do things like that under a user with sudo (e.g. the application running in the container provides a shell to users). Simply add this into you Dockerfile:

RUN apt-get update         # If necessary
RUN apt-get install sudo   # If your base image does not contain sudo.
RUN useradd -m -N -s /bin/bash -u 1000 -p '$1$miTOHCYy$K.c4Yw.edukWJ7z9rbpTZ0' user && \
    usermod -aG sudo user  # Grant sudo to the user
USER user

Now under the default image user user you will be able to sudo with the password set on line 3.

See how to generate password hash for useradd here or here.


I am able to get it working with the below command.

root@gitnew:# docker exec -it --user $(username) $(containername) /bin/bash

When you start the container, you will be root but you won't know what root's pw is. To set it to something you know simply use "passwd root". Snapshot/commit the container to save your actions.


I had exactly this problem of not being able to su to root because I was running in the container as an unprivileged user.

But I didn't want to rebuild a new image as the previous answers suggest.

Instead I have found that I could access the container as root using 'nsenter', see: https://github.com/jpetazzo/nsenter

First determine the PID of your container on the host:

docker inspect --format {{.State.Pid}} <container_name_or_ID>

Then use nsenter to enter the container as root

nsenter --target <PID> --mount --uts --ipc --net --pid

I'd suggest a better solution is to give the --add-host NAME:IP argument to docker run when starting the container. That will update the /etc/hosts/ file without any need to become root.

Otherwise, you can override the the USER setting by giving the -u USER flag to docker run. I would advise against this however, as you shouldn't really be changing things in a running container. Instead, make your changes in a Dockerfile and build a new image.


Get a shell of your running container and change the root pass.

docker exec -it <MyContainer> bash

root@MyContainer:/# passwd
Enter new UNIX password: 
Retype new UNIX password: 

docker exec -u 0 -it containername bash

By default docker containers run as the root user.

If you are still using the container you can use exit command to get back to root (default user) user instead of running the container again.

Example -

[dev@6c4c86bccf93 ~]$ ls
[dev@6c4c86bccf93 ~]$ other-commands..
[dev@6c4c86bccf93 ~]$ exit
[root@6c4c86bccf93 /]# ls

There are a couple of ways to do it.

  1. To run the Docker overriding the USER setting

     docker exec -u 0 -it containerName bash
    

or

docker exec -u root -it --workdir / <containerName> bash
  1. Make necessary file permissions, etc., during the image build in the Docker file

  2. If all the packages are available in your Linux image, chpasswdin the dockerfile before the USER utility.

For complete reference: http://muralitechblog.com/root-password-of-a-docker-container/


You can SSH in to docker container as root by using

docker exec -it --user root <container_id> /bin/bash

Then change root password using this

passwd root

Make sure sudo is installed check by entering

sudo

if it is not installed install it

apt-get install sudo

If you want to give sudo permissions for user dev you can add user dev to sudo group

usermod -aG sudo dev

Now you'll be able to run sudo level commands from your dev user while inside the container or else you can switch to root inside the container by using the password you set earlier.

To test it login as user dev and list the contents of root directory which is normally only accessible to the root user.

sudo ls -la /root

Enter password for dev

If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.


The password is 'ubuntu' for the 'ubuntu' user (at least in docker for ubuntu :14.04.03).

NB: 'ubuntu' is created after the startup of the container so, if you just do this:

 docker run -i -t --entrypoint /bin/bash  ubuntu     

You'll get the root prompt directly. From there you can force the password change of root, commit the container and optionally tag it (with -f) to ubuntu:latest like this:

root@ec384466fbbb:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@ec384466fbbb:~# exit

% docker commit ec3844
5d3c03e7d6d861ce519fe33b184cd477b8ad03247ffe19b2a57d3f0992d71bca

docker tag -f 5d3c ubuntu:latest

You must rebuild your eventual dependencies on ubuntu:latest.


You can use the USER root command in your Dockerfile.


You can log into the Docker container using the root user (ID = 0) instead of the provided default user when you use the -u option. E.g.

docker exec -u 0 -it mycontainer bash

root (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name. When passing a numeric ID, the user does not have to exist in the container.

from Docker documentation

Update: Of course you can also use the Docker management command for containers to run this:

docker container exec -u 0 -it mycontainer bash


To create/change a root password in a running container

docker exec -itu root {containerName} passwd

try the following command to get the root access

$ sudo -i