Introduction

Docker is a tool that simplifies the process of managing application processes in containers, which are instances of images (similar to objects, which are instances of classes). Containers let you run your applications in resource-isolated processes. They’re similar to virtual machines, but containers are more portable, more resource-friendly, and more dependent on the host operating system [1]. In this post, we will set up an Ubuntu Docker container with a new user. This is helpful in situations where you need to restrict the container user’s permissions, enhancing security and preventing accidental damage to the system. We’ll start by installing docker.

Install docker

Before installing docker, we need to install a few dependencies:

sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg -y

We then need to trust the repository certificates and add the repository to our repository list:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"

Now we can install docker with the following command:

sudo apt install docker-ce

Finally, we can optionally add ourselves (our user) to the docker user group, which will save us having to use sudo for all docker commands. In what follows, we assume this command has been executed:

sudo usermod -aG docker ${USER}

Log in again so changes are applied:

su - ${USER}

pull the Ubuntu image

Docker containers are created from Docker images. By default, Docker retrieves these images from Docker Hub, a registry managed by Docker, the company that develops the Docker platform. Since Docker Hub allows anyone to host their images, you can find most applications and Linux distributions available there [1].

In order to download the latest Ubuntu image, run the following command:

docker pull ubuntu

Great! You can now create as many containers as you need from this image.

Start the Ubuntu container

Now that we have the Ubuntu image, we can create a container and enter its interactive terminal by running:

docker run -it ubuntu

Your command prompt will change to indicate that you are now inside the container, displaying a prompt looking something like this:

root@d9b100f2f636:/#

The identifier after the @ is the container ID. Remember this container ID, as you’ll need it later to identify the container and, for example, remove it.

Create a new user

You can now run any command within the container, but the current user is root, which poses many security risks. To mitigate these risks, let’s create a new user with restricted permissions. Start by running the following command (change the username john to whatever you prefer):

useradd -m john

The -m option creates a home directory for the user. Check that the user has been created by running the command:

id john

The output should be something like:

uid=1001(john) gid=1001(john) groups=1001(john)

Set a password for the user:

passwd john

You will be prompted to type the password twice and that’s it, your user is created!

Install sudo

Before logging in to the new user, it is a good idea to install sudo, as this will enable you to execute commands that require root privileges from the newly created user using the password you just created. To install sudo, run:

apt update && apt install sudo -y

We then need to add the user to the sudoers group. To do that, we also need to install adduser:

apt install adduser && adduser john sudo

You can then login to the new user with the command:

su - john

Done!