Users cannot be added to the docker container

In recent years, with the rapid development of cloud computing and containerization technology, Docker has become one of the most popular container technologies. However, although Docker has been widely used, there are still some common problems that need to be solved when using Docker containers. One of the problems is that users cannot be added within the Docker container.

Why can't I add users to the Docker container?

First we need to understand how Docker works internally. Docker uses the Linux kernel namespace to achieve isolation between processes. These namespaces include PID namespace, UTS namespace, network namespace, etc. Among them, user namespace is used to isolate users and user group IDs. By default, Docker containers use the UID and GID of the host user namespace. This means that in the container, you cannot use commands such as useradd to create a user, because when you create a new user, there is no corresponding UID and GID in the namespace in the container.

How to add users to the Docker container?

To add users to the Docker container, we need to perform some additional operations. Specifically, we need to enable the user namespace by modifying the container's configuration file, specify an independent UID and GID for the user namespace, and map the root user in the container to the user of the namespace.

Taking Ubuntu as an example, use the following command in the container to enable the user namespace:

sysctl kernel.unprivileged_userns_clone=1

This command will allow non-privileged users to clone the user namespace. Next, we need to specify an independent UID and GID for the user namespace, and map the root user in the container to the user of the namespace, use the following command:

echo "namespace    id  range" > /etc/subuid
echo "namespace    id  range" > /etc/subgid

where namespace is the user The namespace ID of the namespace, id is the initial UID and GID of the user namespace, and range is the number of users allowed in the user namespace.

Next, we need to use the adduser command to create a new user and add the user to the container:

adduser --uid 1000 --gid 1000 myuser

Among them, --uid and --gid The parameters add the user to the separate UID and GID namespaces we defined earlier.

Summary

The problem of being unable to add users in a Docker container can be solved by enabling the user namespace and specifying independent UID and GID for the namespace. While this requires some extra work, the increase in safety and isolation is worth it. As container technology continues to develop, we believe that simpler and more convenient solutions will emerge in the future.

The above is the detailed content of Users cannot be added to the docker container. For more information, please follow other related articles on the PHP Chinese website!