How to use sudo inside a docker container

Question

Normally  docker containers are run using the user root  I d like to use a different user  which is no problem using docker s USER directive  But this user should be able to use sudo inside the container  This command is missing   Here s a simple Dockerfile for this purpose   FROM ubuntu 12 04  RUN useradd docker  amp  amp  echo  docker docker    chpasswd RUN mkdir -p  home docker  amp  amp  chown -R docker docker  home docker  USER docker CMD  bin bash   Running this container  I get logged in with user  docker   When I try to use sudo  the command isn t found  So I tried to install the sudo package inside my Dockerfile using   RUN apt-get install sudo   This results in Unable to locate package sudo

User · Answer

There is no answer on how to do this on CentOS  On Centos  you can add following to Dockerfile RUN echo  quot user ALL  root  NOPASSWD ALL quot   gt   etc sudoers d user  amp  amp        chmod 0440  etc sudoers d user

User · Answer

When neither sudo nor apt-get is available in container  you can also jump into running container as root user using command  docker exec -u root -t -i container id  bin bash

User · Answer

Here s how I setup a non-root user with the base image of ubuntu 18 04   RUN       groupadd -g 999 foo  amp  amp  useradd -u 999 -g foo -G sudo -m -s  bin bash foo  amp  amp        sed -i  etc sudoers -re  s   sudo    sudo ALL  ALL ALL  NOPASSWD  ALL g   amp  amp        sed -i  etc sudoers -re  s  root   root ALL  ALL ALL  NOPASSWD  ALL g   amp  amp        sed -i  etc sudoers -re  s   includedir        Removed the include directive       g   amp  amp        echo  foo ALL  ALL  NOPASSWD  ALL   gt  gt   etc sudoers  amp  amp        echo  Customized the sudoers file for passwordless access to the foo user    amp  amp        echo  foo user     su - foo -c id   What happens with the above code    The user and group foo is created  The user foo is added to the both the foo and sudo group  The uid and gid is set to the value of 999  The home directory is set to  home foo   The shell is set to  bin bash  The sed command does inline updates to the  etc sudoers file to allow foo and root users passwordless access to the sudo group  The sed command disables the  includedir directive that would allow any files in subdirectories to override these inline updates

User · Answer

If you have a container running as root that runs a script  which you can t change  that needs access to the sudo command  you can simply create a new sudo script in your  PATH that calls the passed command   e g  In your Dockerfile   RUN if type sudo 2 gt  dev null  then         echo  The sudo command already exists    Skipping          else        echo -e     bin sh n        gt   usr sbin sudo         chmod  x  usr sbin sudo        fi

User · Answer

Just got it  As regan pointed out  I had to add the user to the sudoers group  But the main reason was I d forgotten to update the repositories cache  so apt-get couldn t find the sudo package  It s working now  Here s the completed code   FROM ubuntu 12 04  RUN apt-get update  amp  amp          apt-get -y install sudo  RUN useradd -m docker  amp  amp  echo  docker docker    chpasswd  amp  amp  adduser docker sudo  USER docker CMD  bin bash

User · Answer

The other answers didn t work for me  I kept searching and found a blog post that covered how a team was running non-root inside of a docker container    Here s the TL DR version   RUN apt-get update     amp  amp  apt-get install -y sudo  RUN adduser --disabled-password --gecos    docker RUN adduser docker sudo RUN echo   sudo ALL  ALL  NOPASSWD ALL   gt  gt   etc sudoers  USER docker    this is where I was running into problems with the other approaches RUN sudo apt-get update    I was using FROM node 9 3 for this  but I suspect that other similar container bases would work as well

User · Answer

This may not work for all images  but some images contain a root user already  such as in the jupyterhub singleuser image   With that image it s simply   USER root RUN sudo apt-get update

User · Answer

For anyone who has this issue with an already running container  and they don t necessarily want to rebuild  the following command connects to a running container with root privileges  docker exec -ti -u root container name bash  You can also connect using its ID  rather than its name  by finding it with  docker ps -l  To save your changes so that they are still there when you next launch the container  or docker-compose cluster   docker commit container id image name  To roll back to a previous image version  warning  this deletes history rather than appends to the end  so to keep a reference to the current image  tag it first using the optional step   docker history image name docker tag latest image id my descriptive tag name    optional docker tag desired history image id image name  To start a container that isn t running and connect as root  docker run -ti -u root --entrypoint  bin bash image id or name -s  To copy from a running container  docker cp  lt containerId gt   file path within container  host path target  To export a copy of the image  docker save container   gzip  gt   dir file tar gz  Which you can restore to another Docker install using  gzcat  dir file tar gz   docker load  It is much quicker but takes more space to not compress  using  docker save container   dir file tar  And  cat dir file tar   docker load

User · Answer

If SUDO or apt-get is not accessible inside the Container  You can use  below option in running container   docker exec -u root -it f83b5c5bf413 ash    f83b5c5bf413   is my container ID  amp  here is working example from my terminal

User · Answer

if you want to connect to container and install something  using apt-get  first as above answer from our brother  Tom     Z  lusk     docker exec -u root -t -i container id  bin bash   then try to      RUN apt-get update or apt-get  anything you want    it worked with me  hope it s useful for all

User · Answer

Unlike accepted answer  I use usermod instead   Assume already logged-in as root in docker  and  fruit  is the new non-root username I want to add  simply run this commands   apt update  amp  amp  apt install sudo adduser fruit usermod -aG sudo fruit   Remember to save image after update  Use docker ps to get current running docker s  lt CONTAINER ID gt  and  lt IMAGE gt   then run docker commit -m  added sudo user   lt CONTAINER ID gt    lt IMAGE gt  to save docker image   Then test with   su fruit sudo whoami   Or test by direct login ensure save image first  as that non-root user when launch docker   docker run -it --user fruit  lt IMAGE gt  sudo whoami   You can use sudo -k to reset password prompt timestamp   sudo whoami   No password prompt sudo -k   Invalidates the user s cached credentials sudo whoami   This will prompt for password

[docker] How to use sudo inside a docker container?

Examples related to docker

Examples related to sudo

Examples related to linux-containers