Docker: Running Linux Container with a Non-Root user

Arun Kumar Singh
Feb 28

Part-1: Linux Container as a Process

Part-2: Running a Docker Container

arun@controller:~$ sudo docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
83ee3a23efb7: Already exists
db98fc6f11f0: Already exists
f611acd52c6c: Already exists
Digest: sha256:703218c0465075f4425e58fac086e09e1de5c340b12976ab9eb8ad26615c3715
Status: Downloaded newer image for ubuntu:latest
root@27e9f62a1021:/# whoami
Ubuntu Container
arun@controller:~$ ps -ef  | grep ubuntu
root 3245 2669 0 18:27 pts/0 00:00:00 sudo docker run -it ubuntu bash
root 3247 3245 0 18:27 pts/0 00:00:00 docker run -it ubuntu bash

arun@controller:~$ ps -ef | grep 27e9
root 3289 1 0 18:27 ? 00:00:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 27e9f62a10215ae0584b7131c03672817987b547c8440bd762f37d9c4f826ef5 -address /run/containerd/containerd.sock

Part-3: Rootless Containers

Part-4: Can I run Rootless Docker?

Part-5: Pre rootless Docker era (Overriding user at runtime)

arun@controller:~$ sudo docker run --rm -it -u $(id -u ${USER}):$(id -g ${USER}) ubuntu bash 
groups: cannot find name for group ID 1000
I have no name!@186e2848baf1:/$ whoami
whoami: cannot find name for user ID 1000
I have no name!@186e2848baf1:/$ id
uid=1000 gid=1000 groups=1000
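
Added example, not part of the original article: the sessions in Part-2 and Part-5 differ only in the -u option, and this script flags containers that were started without a non-root user by classifying the .Config.User value that docker inspect reports. The function names and the two sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag containers whose main process runs as uid 0, using the
# .Config.User value from `docker inspect` (the -u argument or image USER).

# classify_user USERSPEC -> prints "root" or "non-root".
# USERSPEC forms: "" (nothing set), "uid", "name", "uid:gid", "name:group".
# Limitation: a name other than "root" that maps to uid 0 in the image's
# /etc/passwd is not detected; only the configured value is examined.
classify_user() {
    user=${1%%:*}                  # drop the optional ":group" part
    case "$user" in
        ""|root) echo root ;;      # unset user defaults to uid 0
        *[!0]*)  echo non-root ;;  # contains a character other than '0'
        *)       echo root ;;      # only zeros: "0", "00", ...
    esac
}

# audit_lines: read "<id> <Config.User>" lines on stdin (the user field is
# empty when none was set) and print the ids that run as root.
audit_lines() {
    while read -r id userspec; do
        [ -n "$id" ] || continue
        if [ "$(classify_user "$userspec")" = root ]; then
            echo "$id"
        fi
    done
}

# Constructed sample: short ids of the two containers in the sessions above,
# the first started without -u, the second with -u 1000:1000.
sample_lines() {
    cat <<'EOF'
27e9f62a1021
186e2848baf1 1000:1000
EOF
}

# Offline demo on the sample. Against a live daemon, feed real data instead:
#   docker ps -q | xargs -r docker inspect \
#       --format '{{.Id}} {{.Config.User}}' | audit_lines
sample_lines | audit_lines
```

On the sample, only the Part-2 container is reported, since it was started with no user override.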


