Starting a process in the Dockerfile

My problem is the following: I need to start a container with the dnsmasq service running (but that could be any service). The hard point is that I created a user in my image, so when I create a container out of it, it starts with my custom user (no root).

Therefore, how can I start a service that requires root privileges (sudo service dnsmasq start) with a non-root user?

Possible solutions:

  • be able to start a container with the service already running. From what I understand, it is not possible to start a service in a Dockerfile, because it doesn’t retain the state, only the FS
  • start the container as root, start the service, then switch back to the user. That could work, but potentially a security issue
  • let my custom user have the right to start the service by himself. How to do that?
  • don’t use a custom user (probably the easiest way, but hey? Where’s the fun in that? :))

Any other solution?

2 solutions collected from the web for “Starting a process in the Dockerfile”

    Thanks to Rickkwa's comment, I was able to fix the problem:

    In the Dockerfile (as root):

    # Install and configure Dnsmasq
    RUN apt-get update && apt-get install -y dnsmasq
    # Need to add a new line
    RUN echo '' >> /etc/dnsmasq.conf
    # See https://github.com/nicolasff/docker-cassandra/issues/8
    RUN echo 'user=root' >> /etc/dnsmasq.conf
    # Add the needed route
    RUN echo 'address=/my-domain.com/<my_ip>' >> /etc/dnsmasq.conf
    
    # Allow my user's group to start the service
    # (${group} and ${user} must be defined earlier with ARG or ENV)
    RUN echo "%${group} ALL=NOPASSWD:/usr/sbin/service dnsmasq *" >> /etc/sudoers
    
    # Switch to the right user, that belongs to the group ${group}
    USER ${user}
    

    Then, when your container starts (in the entrypoint, for instance), add the following line:

    sudo service dnsmasq start
    

    Remember the NOPASSWD in the /etc/sudoers file? This prevents the system from asking for the user’s password when we launch the service.

    What about using an entrypoint that runs a shell script to do what you want?
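
The sudoers line in the first answer ends in `*`, so it permits every `service dnsmasq` action and argument, not only the `start` that the entrypoint runs. The following is an added example, not code from either answer: shell helpers that write a rule for one exact command line and flag NOPASSWD rules with wildcard arguments. The group `appgrp`, the file paths and the sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example. "appgrp" and every path below are constructed placeholders.

# Print a sudoers rule for one exact command line; refuse relative paths,
# empty commands and wildcards. $1 = group, remaining args = command line.
sudoers_rule() {
    group=$1; shift
    case "$*" in ""|[!/]*|*[*?]*) return 1 ;; esac
    printf '%%%s ALL=(root) NOPASSWD: %s\n' "$group" "$*"
}

# Write the rule to drop-in file $1 with mode 0440, checking the syntax with
# visudo first when it is installed. Remaining args are as for sudoers_rule.
install_rule() {
    dest=$1; shift
    tmp=$(mktemp) || return 1
    sudoers_rule "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    chmod 0440 "$tmp" && mv "$tmp" "$dest"
}

# Print every non-comment NOPASSWD rule in file $1 whose command part
# contains * or ?, since sudoers wildcards also match across arguments.
audit_wildcards() {
    awk '!/^[ \t]*#/ && /NOPASSWD:/ {
        cmd = $0; sub(/.*NOPASSWD:/, "", cmd)
        if (cmd ~ /[*?]/) print
    }' "$1"
}

# Constructed sample: the rule from the answer above and a narrowed one.
sample_sudoers() {
    cat <<'EOF'
# %oldgrp ALL=NOPASSWD:/usr/sbin/service dnsmasq *
%appgrp ALL=NOPASSWD:/usr/sbin/service dnsmasq *
%appgrp ALL=(root) NOPASSWD: /usr/sbin/service dnsmasq start
EOF
}
```

On an image whose /etc/sudoers includes /etc/sudoers.d, running `install_rule /etc/sudoers.d/dnsmasq appgrp /usr/sbin/service dnsmasq start` as root during the build takes the place of the `echo ... >> /etc/sudoers` step.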
