Last active October 14, 2024 14:34
Gosu usage in Docker
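
#!/bin/bash
set -e
# Change uid and gid of the dev user so it matches ownership of the current dir
if [ "$MAP_NODE_UID" != "no" ]; then
    if [ ! -d "$MAP_NODE_UID" ]; then
        # Not a directory: fall back to the current dir (assumed fallback)
        MAP_NODE_UID=$PWD
    fi
    uid=$(stat -c '%u' "$MAP_NODE_UID")
    gid=$(stat -c '%g' "$MAP_NODE_UID")
    echo "dev ---> UID = $uid / GID = $gid"
    export USER=dev
    # If the uid change succeeds, move the dev group too, or add dev to the existing group
    usermod -u "$uid" dev 2> /dev/null && {
        groupmod -g "$gid" dev 2> /dev/null || usermod -a -G "$gid" dev
    }
fi
echo "**** GOSU dev $* ..."
# exec replaces the shell, so the command runs as dev with no root parent left behind
exec /usr/local/bin/gosu dev "$@"
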
FROM ubuntu
RUN apt-get install ...
# grab gosu for easy step-down from root
RUN set -x \
    && curl -sSLo /usr/local/bin/gosu "$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
    && curl -sSLo /usr/local/bin/gosu.asc "$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    && gosu nobody true
# Add local user 'dev'
RUN groupadd -r dev --gid=9001 && useradd -r -g dev --uid=9001 dev
# Grant dev passwordless sudo (this lets the stepped-down user become root again)
RUN echo "dev ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/dev && \
    chmod 0440 /etc/sudoers.d/dev
# Do stuff with this user if needed
USER dev
ENV HOME=/home/dev
RUN ...
# Switch back to root so the entrypoint can change ids before stepping down
USER root
# Copy entrypoint
COPY /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/"]
CMD ["bash"]

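#!/bin/bash
# Add local user
# Either use the LOCAL_USER_ID if passed in at runtime or
# fallback (default 9001 assumed here, matching the 'dev' uid used above)
USER_ID=${LOCAL_USER_ID:-9001}
echo "Starting with UID : $USER_ID"
# -o allows a non-unique uid, -m creates /home/user
useradd --shell /bin/bash -u "$USER_ID" -o -c "" -m user
export HOME=/home/user
exec /usr/local/bin/gosu user "$@"
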
FROM alpine
RUN apk add --update --no-cache su-exec && \
    rm -rf /var/cache/apk/*
# Add entrypoint to dynamically change user uid when a container is started
COPY /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/"]

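An added example, not part of the gist: a single entrypoint that works with both images above by using whichever of gosu or su-exec is installed, and that refuses to remap the user to uid or gid 0 when the mounted directory is root-owned. The function names (`valid_id`, `owner_of`, `stepdown_cmd`) are made up for this sketch, and it assumes a `dev` user already exists and that `usermod`/`groupmod` (shadow package) are installed.

```shell
#!/bin/sh
# Added example, not the gist's own code. Function names are hypothetical.
set -eu

# Accept only a non-zero decimal id: a root-owned mount must never turn dev into uid 0.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ne 0 ]
}

# Print "uid:gid" of the directory whose ownership the container user should match.
owner_of() {
    stat -c '%u:%g' "$1"
}

# Print the path of the installed step-down helper: gosu first, then su-exec.
stepdown_cmd() {
    command -v gosu || command -v su-exec
}

main() {
    map_from=${MAP_NODE_UID:-$PWD}
    helper=$(stepdown_cmd) || { echo "neither gosu nor su-exec found" >&2; exit 1; }
    if [ "$map_from" != "no" ]; then
        [ -d "$map_from" ] || map_from=$PWD
        ids=$(owner_of "$map_from")
        uid=${ids%%:*}
        gid=${ids##*:}
        if valid_id "$uid" && valid_id "$gid"; then
            # -o permits an id that is already in use inside the image
            groupmod -o -g "$gid" dev
            usermod -o -u "$uid" -g "$gid" dev
        else
            echo "refusing to map dev to $ids, keeping image defaults" >&2
        fi
    fi
    # Both helpers take "user command...", and exec leaves no root shell behind
    exec "$helper" dev "$@"
}

# An entrypoint always receives the command to run; with no arguments do nothing.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```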

mohsas commented Jan 23, 2024

What is the value of $MAP_NODE_UID? Where do we get it from? Is it from --build-arg?
Could you please add 2 commands: the first how to build an image and the second how to run our container.

mohsas commented Jan 23, 2024

In the su-exec_alpine file you used the last command exec /usr/local/bin/gosu user "$@"
Was gosu installed? Or is it installed with su-exec?