
Docker container exiting immediately if run as non-root user

I was following this guide to run the container as a non-root user. The user gpadmin is already created in the image.

But, the container exits immediately if I run the below command:

root@dev01:~# docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --user gpadmin --name  gpcentos-dev --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
adcaf577c0a589987b556824a3413c74381dfe4d9347467891cf47ac18b91743
root@dev01:~# docker ps -l
CONTAINER ID        IMAGE                     COMMAND               CREATED             STATUS                     PORTS               NAMES
adcaf577c0a5        gpdb-postgres9.4/centos   "/usr/sbin/sshd -D"   4 seconds ago       Exited (1) 2 seconds ago                       gpcentos-dev

But, when I run the command by skipping --user gpadmin, the container does not exit immediately.

root@dev01:~# docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --name  gpcentos-dev --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
24f00ec4e531168fb266e7f4616e5fa8f2829112132de211392a9040a0f52d5f
root@dev01:~# docker ps -l
CONTAINER ID        IMAGE                     COMMAND               CREATED             STATUS              PORTS                                                              NAMES
24f00ec4e531        gpdb-postgres9.4/centos   "/usr/sbin/sshd -D"   8 seconds ago       Up 7 seconds        22/tcp, 0.0.0.0:5432->5432/tcp, 80/tcp, 0.0.0.0:28080->28080/tcp   gpcentos-dev

As I understand, -i -t -d should keep the container running in the background.

EDIT 1: Based on this link of docker best practices, the containers can be run as root. But, all the services should be run using a service user. So, I created a gpadmin user to start the database.

docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --name  gpdb-centos --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
docker exec -it gpdb-centos sh -c "su - gpadmin -c 'echo 'y' | /home/gpadmin/greenplum_start.sh' && hostname -i"

The -i -t -d options tell docker to configure a file descriptor for input, configure the input as a pseudo tty (a terminal), and detach that container from your current command prompt. It does not guarantee the container will continue to run; that is up to the command you are running inside the container.

From your output, the command you are running appears to be "/usr/sbin/sshd -D" which would need root access to bind to port 22, read configuration files in /etc, and write to files in /var.

To debug commands failing inside containers, you should review the logs and inspect the container to see what failed and why. Commands for that are:

docker logs $container_id
docker inspect $container_id

where $container_id would be 24f00ec4e531 in your example.
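
An added example (not part of the original answer) of turning the docker inspect step into a quick triage: it reads the JSON that docker inspect prints and reports the exit state, the configured user, and exposed ports below 1024 when the container runs as non-root. The sample JSON is constructed to resemble the failed --user gpadmin run, and the names triage and is_root are hypothetical.

```python
import json
import sys

# Constructed sample: trimmed `docker inspect` output shaped like the failed
# --user gpadmin run in the question (illustrative values, not captured output).
SAMPLE = """[{
  "Name": "/gpcentos-dev",
  "State": {"Status": "exited", "ExitCode": 1, "OOMKilled": false, "Error": ""},
  "Config": {"User": "gpadmin", "Cmd": ["/usr/sbin/sshd", "-D"],
             "ExposedPorts": {"22/tcp": {}, "80/tcp": {}, "5432/tcp": {}}}
}]"""

def is_root(user):
    """Config.User is '' (defaults to root), a name, a uid, or uid:gid."""
    return user.split(":")[0] in ("", "0", "root")

def triage(inspect_json):
    """Return readable findings for each container in `docker inspect` output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        state, cfg = c.get("State", {}), c.get("Config", {})
        user = cfg.get("User", "")
        if state.get("Status") == "exited":
            findings.append(f"{name}: exited with code {state.get('ExitCode')}")
        if state.get("OOMKilled"):
            findings.append(f"{name}: killed by the OOM killer")
        if state.get("Error"):
            findings.append(f"{name}: runtime error: {state['Error']}")
        if is_root(user):
            continue
        findings.append(f"{name}: runs as non-root user '{user}'")
        # Ports below 1024 are privileged by default on Linux.
        low = sorted(int(p.split("/")[0]) for p in (cfg.get("ExposedPorts") or {})
                     if int(p.split("/")[0]) < 1024)
        if low:
            findings.append(f"{name}: exposes ports {low} below 1024; "
                            "binding them may require root")
    return findings

if __name__ == "__main__":
    # Usage: docker inspect <id> | python triage.py  (no pipe: uses SAMPLE)
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(triage(data)))
```

The findings only narrow down where to look; the actual error message from the process still comes from docker logs.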
