Starting a process in the Dockerfile

My problem is the following: I need to start a container with the dnsmasq service running (but that could be any service). The hard point is that I created a user in my image, so when I create a container out of it, it starts with my custom user (no root).

Therefore, how can I start a service that requires root privileges (sudo service dnsmasq start), with a non-root user ?

  • How am I supposed to use a Postgresql docker image/container?
  • fetch all maven dependencies including plugin dependencies
  • Enable CORS on Cloudant local
  • How to check if docker is running or not
  • How to remove all docker volumes?
  • Getting “ECONNREFUSED” error after booting my computer. I'm using an express server and I'm trying to see that i can make requests
  • Possible solutions:

    • be able to start a container with the service already running. From What I understand, this is not possible to start a service in a Dockerfile, because it doesn’t retain the state, only the FS
    • start the container as root, start the service, then switch back to the user. That could work, but potentially a security issue
    • let my custom user have the right to start the service by himself. How to do that ?
    • don’t use a custom user (probably the easiest way, but hey ? Where’s the fun in that ? :))

    Any other solution ?

  • How to force reading docker-compose.override.yml file all the time?
  • Configure dockerfile with postgres
  • Browser services' container in Docker Swarm mode
  • permission issue with docker under windows
  • Ember CLI build killed
  • Docker data volume container. I can't seem to get to backup
  • 2 Solutions collect form web for “Starting a process in the Dockerfile”

    Thanks to Rickkwa comment, I was able to fix the problem:

    In the Dockerfile (as root):

    # Install and configure Dnsmasq
    RUN apt-get update && apt-get install -y dnsmasq
    # Need to add a new line
    RUN echo '' >> /etc/dnsmasq.conf
    # See https://github.com/nicolasff/docker-cassandra/issues/8
    RUN echo 'user=root' >> /etc/dnsmasq.conf
    # Add the needed route
    RUN echo 'address=/my-domain.com/<my_ip>' >> /etc/dnsmasq.conf
    
    # Allow my user's group to start the service
    RUN echo ''%${group}' ALL=NOPASSWD:/usr/sbin/service dnsmasq *' >> /etc/sudoers
    
    # Switch to the right user, that belongs to the group ${group}
    USER ${user}
    

    Then, when your container starts (in the entrypoint, for instance), add the following line:

    sudo service dnsmasq start
    

    Remember the NOPASSWD in the /etc/sudoers files ? This prevents the system asking for the user’s password when we launch the service.

    What about using entrypoint, that run shell script to do what you want

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.