Permission required to run java under non-root user in Google Container Engine

I don’t have a problem running Java as the root user.


/usr/java/jre1.8.0_101/bin/java -jar /app/ts.jar

Because the application is deployed into a Docker container, I need to run it as a non-root user.

First I create a user in the Docker container:

useradd --user-group -m --shell /bin/false ts2_app;
chown -R ts2_app:ts2_app /app;
chown -R ts2_app:ts2_app /usr/java/jre1.8.0_101;
chmod -R +r /app;
chmod -R +r /usr/java/jre1.8.0_101;

Then I try to launch it with

runuser -l ts2_app -c "/usr/java/jre1.8.0_101/bin/java -jar /app/ts.jar"

or

su - ts2_app -c "/usr/java/jre1.8.0_101/bin/java -jar /app/ts.jar"

I don’t have any problem in my local environment, but if I deploy the Docker container to GCE, it can’t be started.

Then I inspect the Docker container and try to execute the above command.
Here is the summary:

1. No problem running as root in my local Docker container.
2. No problem running as non-root in my local Docker container.
3. No problem running as root in Google Container Engine’s container.
4. The problem occurs when running it as non-root in Google Container Engine’s container.

The runuser and su commands just quit right after execution; there is no error. And I can’t see the java process with the ps command.

I have many other containers which run their processes with a non-root account; I don’t know why this one fails. Does anyone know of any other minimal permission required by Java?
