docker container with user created, where on host

























I have a Dockerfile with a user created so it is not running as root (best practice):

```
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app

# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore

# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out

# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime

RUN groupadd -g 1001 appuser && useradd -r -u 1001 -g appuser appuser
USER appuser

WORKDIR /app
COPY --from=build-env /app/out .
ENTRYPOINT ["dotnet", "ConsoleApp32.dll"]
```

I build the image and run the container:

```
docker build -f Dockerfile1 -t myappimage .
docker run -d --name myapp myappimage
```

And then check it running:

```
ps aux | grep dotnet
21569 1001 0:00 dotnet ConsoleApp32.dll
```

So it is running as uid 1001.
I then check the host for this user:

```
cut -d: -f1 /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
man
postmaster
cron
ftp
sshd
at
squid
xfs
games
postgres
cyrus
vpopmail
ntp
smmsp
guest
nobody
dockremap
```

No sign of appuser. My understanding (which may be wrong) is that we are using a shared kernel and the user should be in the list.
I also looked up the uid:

```
getent passwd 1001
```

Which returned no result.
Can someone explain this, as I don't understand how a process is running on the host as a uid of 1001 and there is no associated user?

















      docker containers
















      asked Nov 15 '18 at 11:17









      Noel























          1 Answer














          The user ID is shared with the host: it’s 1001. The name of that user comes from looking it up in the /etc/passwd file. Since the host and container have different filesystem spaces, they have different passwd files; the kernel doesn’t know anything about a user’s name.



          The corresponding FAQ: it doesn’t matter if you have users named pat on both the host and in the container; if their numeric user IDs don’t match up, and you’re on Linux, and you’re trying to share content with docker run -v, one user won’t be able to access the other’s files.
















                answered Nov 15 '18 at 14:16









                David Maze
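
The lookup described in the answer above, as an added example that is not part of the original answer: the same numeric UID is resolved against two different passwd files, and each container UID is classified by what it maps to on the host. The function names, the status labels and both passwd files are constructed for illustration.

```shell
#!/bin/sh
# Added example. The kernel tracks only numeric UIDs; a name is whatever the
# local /etc/passwd says. Both passwd files below are constructed sample data.

# name_for_uid PASSWD_FILE UID -> prints the user name, or nothing if unmapped
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# compare_uids HOST_PASSWD CONTAINER_PASSWD
# Prints one line per container user: "<uid> <container name> <host name> <status>"
#   same-name        host maps the UID to the same name
#   unnamed-on-host  host has no entry (ps and ls show the bare number)
#   collision        host maps the UID to a different account, which owns
#                    the same files on any bind mount (docker run -v)
compare_uids() {
    while IFS=: read -r cname cpw cuid crest; do
        [ -n "$cname" ] || continue
        hname=$(name_for_uid "$1" "$cuid")
        if [ -z "$hname" ]; then status="unnamed-on-host"
        elif [ "$hname" = "$cname" ]; then status="same-name"
        else status="collision"
        fi
        printf '%s %s %s %s\n' "$cuid" "$cname" "${hname:--}" "$status"
    done < "$2"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed host passwd: no entry for UID 1001, as in the question.
cat > "$demo_dir/host_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
backup:x:1002:1002::/var/backup:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
EOF

# Constructed container passwd: appuser created with UID 1001 in the image.
cat > "$demo_dir/container_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
appuser:x:1001:1001::/home/appuser:/bin/sh
worker:x:1002:1002::/home/worker:/bin/sh
EOF

compare_uids "$demo_dir/host_passwd" "$demo_dir/container_passwd"
```

Against a real container, the second file can be copied out with `docker cp myapp:/etc/passwd .` and compared with the host's `/etc/passwd`.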





























