Setting up Ubuntu Docker container with a new user
Introduction
Docker is a tool that simplifies the process of managing application processes in containers, which are instances of images (similar to objects, which are instances of classes). Containers let you run your applications in resource-isolated processes. They’re similar to virtual machines, but containers are more portable, more resource-friendly, and more dependent on the host operating system [1]. In this post, we will set up an Ubuntu Docker container with a new user. This is helpful in situations where you need to restrict the container user’s permissions, enhancing security and preventing accidental damage to the system. We’ll start by installing docker
.
Install docker
Before installing docker
, we need to install a few dependencies:
sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg -y
We then need to trust the repository certificates and add the repository to our repository list:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
Now we can install docker
with the following command:
sudo apt install docker-ce
Finally, we can optionally add ourselves (our user) to the docker
user group, which will save us having to use sudo
for all docker
commands. In what follows, we assume this command has been executed:
sudo usermod -aG docker ${USER}
Log in again so changes are applied:
su - ${USER}
pull
the Ubuntu image
Docker containers are created from Docker images. By default, Docker retrieves these images from Docker Hub, a registry managed by Docker, the company that develops the Docker platform. Since Docker Hub allows anyone to host their images, you can find most applications and Linux distributions available there [1].
In order to download the latest Ubuntu image, run the following command:
docker pull ubuntu
Great! You can now create as many containers as you need from this image.
Start the Ubuntu container
Now that we have the Ubuntu image, we can create a container and enter its interactive terminal by running:
docker run -it ubuntu
Your command prompt will change to indicate that you are now inside the container, displaying a prompt looking something like this:
root@d9b100f2f636:/#
The identifier after the @
is the container ID. Remember this container ID, as you’ll need it later to identify the container and, for example, remove it.
Create a new user
You can now run any command within the container, but the current user is root
, which poses many security risks. To mitigate these risks, let’s create a new user with restricted permissions. Start by running the following command (change the username john
to whatever you prefer):
useradd -m john
The -m
option creates a home
directory for the user. Check that the user has been created by running the command:
id john
The output should be something like:
uid=1001(john) gid=1001(john) groups=1001(john)
Set a password for the user:
passwd john
You will be prompted to type the password twice and that’s it, your user is created!
Install sudo
Before logging in to the new user, it is a good idea to install sudo
, as this will enable you to execute commands that require root privileges from the newly created user using the password you just created. To install sudo
, run:
apt update && apt install sudo -y
We then need to add the user to the sudoers group. To do that, we also need to install adduser
:
apt install adduser && adduser john sudo
You can then login to the new user with the command:
su - john
Done!