Starting a process in the Dockerfile

My problem is the following: I need to start a container with the dnsmasq service running (but that could be any service). The hard point is that I created a user in my image, so when I create a container out of it, it starts with my custom user (no root).

Therefore, how can I start a service that requires root privileges (sudo service dnsmasq start) with a non-root user?

Possible solutions:

    • be able to start a container with the service already running. From what I understand, it is not possible to start a service in a Dockerfile, because it doesn’t retain the state, only the FS
    • start the container as root, start the service, then switch back to the user. That could work, but is potentially a security issue
    • let my custom user have the right to start the service by himself. How to do that?
    • don’t use a custom user (probably the easiest way, but hey, where’s the fun in that? :))

    Any other solution?

2 Solutions collected from the web for “Starting a process in the Dockerfile”

    Thanks to Rickkwa's comment, I was able to fix the problem:

    In the Dockerfile (as root):

    # Install and configure Dnsmasq
    RUN apt-get update && apt-get install -y dnsmasq
    # Need to add a new line
    RUN echo '' >> /etc/dnsmasq.conf
    # See https://github.com/nicolasff/docker-cassandra/issues/8
    RUN echo 'user=root' >> /etc/dnsmasq.conf
    # Add the needed route
    RUN echo 'address=/my-domain.com/<my_ip>' >> /etc/dnsmasq.conf
    
    # Allow my user's group to start the service
    RUN echo "%${group} ALL=NOPASSWD:/usr/sbin/service dnsmasq *" >> /etc/sudoers
    
    # Switch to the right user, that belongs to the group ${group}
    USER ${user}
    

    Then, when your container starts (in the entrypoint, for instance), add the following line:

    sudo service dnsmasq start
    

    Remember the NOPASSWD in the /etc/sudoers file? This prevents the system from asking for the user’s password when we launch the service.

    What about using an entrypoint that runs a shell script to do what you want?
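
The sudoers rule in the first answer ends in `*`, so the group may pass any arguments to `service dnsmasq`, not only `start`. As an added example (not code from either answer), this shell function writes a rule limited to `service dnsmasq start` into a drop-in file and syntax-checks it before installing it. The function name, the file name `dnsmasq-start` and the default directory `/etc/sudoers.d` are assumptions, and the image's /etc/sudoers must include that directory.

```shell
#!/bin/sh
# Added example: narrowly scoped sudoers drop-in for starting dnsmasq.
# write_dnsmasq_sudoers, "dnsmasq-start" and the default DIR are assumed names.

# write_dnsmasq_sudoers GROUP [DIR]
# Lets members of GROUP run exactly "service dnsmasq start" without a password.
write_dnsmasq_sudoers() {
    group=$1
    dir=${2:-/etc/sudoers.d}
    file="$dir/dnsmasq-start"

    # Accept only a plain group name, so the value cannot carry extra
    # sudoers syntax (spaces, commas, newlines) into the rule.
    case $group in
        ''|*[!a-z0-9_-]*|[!a-z_]*)
            echo "invalid group name: '$group'" >&2
            return 1 ;;
    esac

    # sudo skips drop-in files whose name contains a '.', so the temporary
    # file is never read as policy while it is being written.
    tmp=$(mktemp "$dir/.dnsmasq-start.XXXXXX") || return 1

    # No trailing '*': only the argument list "dnsmasq start" matches.
    printf '%%%s ALL=(root) NOPASSWD: /usr/sbin/service dnsmasq start\n' \
        "$group" > "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check before installing when visudo is present; a sudoers
    # file with a syntax error makes sudo refuse to run.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$file"
}
```

In the Dockerfile this would be called as root, before the `USER` instruction, with the same `${group}` value the answer uses.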
