running comands as non-root user while using docker-maven plugin

0 votes

I'm building a docker image using docker-maven plugin. The maven command is to be executed using jenkins. The jenkins.war is deployed on tomcat instead of a separate application, running in a non-root instance. Docker needs root access therefore maven commands will be run in root and because of that jenkins and tomcat will also run in root which is bad practice. I guess I can either run docker as a non-root user(I don't know how to do that) or run jenkins as root(unable do that ever since I switched env variable/config).

any solution is appreciated, thank you

Apr 30, 2018 in DevOps Tools by Atul
• 10,200 points
349 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

Docker needs root access therefore maven commands will be run in root

not necessarily, you can run docker with -u (--user) parameter to run it as a non-root user inside a container

I guess I can either run docker as a non-root user

If you add the user(on host) to the docker group, you can use the docker service with the said user

As you said so yourself it not secure, look through the following

Especially, have a look at these points

  • If there’s a known uid that the process inside the container is executing as, it could be as simple as restricting access to the host system so that the uid from the container has limited access.
  • The better solution is to start containers with a known uid using the--user (you can use a username also, but remember that it’s just a friendlier way of providing a uid from the host’s username system), and then limiting access to the uid on the host that you’ve decided the container will run as.
  • Because of how uids and usernames (and gids and group names) map from a container to the host, specifying the user that a containerized process runs as can make the process appear to be owned by different users inside vs outside the container.
answered Apr 30, 2018 by ajs3033
• 7,000 points

Related Questions In DevOps Tools

0 votes
1 answer

Maven deploy “Release Note” as artifact

Using both @SpaceTrucker and @khmarbaise, came up with the following ...READ MORE

answered Jun 19, 2018 in DevOps Tools by Atul
• 10,200 points
97 views
0 votes
1 answer

Maven deploy Release Note as artifact

The following solution will do the trick: <profiles> ...READ MORE

answered Jun 22, 2018 in DevOps Tools by Atul
• 10,200 points
33 views
0 votes
1 answer

How do I deploy to multiple servers using the same context root?

  If you're deploying to multiple servers ...READ MORE

answered Jul 2, 2018 in DevOps Tools by Kalgi
• 35,750 points
35 views
+1 vote
1 answer

I’m facing problems while setting up Maven. How do I solve this?

First of all check if you don't ...READ MORE

answered Jul 25, 2018 in DevOps Tools by Sophie may
• 9,050 points
30 views
0 votes
1 answer
0 votes
1 answer

Deploy Docker Containers from Docker Cloud

To solve this problem, I followed advice ...READ MORE

answered Sep 3, 2018 in AWS by Priyaj
• 56,120 points
56 views
+4 votes
2 answers

Jenkins not showing Maven Release Plugin

Make your project type Maven Project. This ...READ MORE

answered Oct 11, 2018 in DevOps Tools by Hannah
• 14,080 points
465 views
0 votes
1 answer

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.