running comands as non-root user while using docker-maven plugin

0 votes

I'm building a docker image using docker-maven plugin. The maven command is to be executed using jenkins. The jenkins.war is deployed on tomcat instead of a separate application, running in a non-root instance. Docker needs root access therefore maven commands will be run in root and because of that jenkins and tomcat will also run in root which is bad practice. I guess I can either run docker as a non-root user(I don't know how to do that) or run jenkins as root(unable do that ever since I switched env variable/config).

any solution is appreciated, thank you

Apr 30, 2018 in DevOps Tools by Atul
• 10,240 points
530 views

1 answer to this question.

0 votes

Docker needs root access therefore maven commands will be run in root

not necessarily, you can run docker with -u (--user) parameter to run it as a non-root user inside a container

I guess I can either run docker as a non-root user

If you add the user(on host) to the docker group, you can use the docker service with the said user

As you said so yourself it not secure, look through the following

Especially, have a look at these points

  • If there’s a known uid that the process inside the container is executing as, it could be as simple as restricting access to the host system so that the uid from the container has limited access.
  • The better solution is to start containers with a known uid using the--user (you can use a username also, but remember that it’s just a friendlier way of providing a uid from the host’s username system), and then limiting access to the uid on the host that you’ve decided the container will run as.
  • Because of how uids and usernames (and gids and group names) map from a container to the host, specifying the user that a containerized process runs as can make the process appear to be owned by different users inside vs outside the container.
answered Apr 30, 2018 by ajs3033
• 7,280 points

Related Questions In DevOps Tools

0 votes
1 answer

Maven deploy “Release Note” as artifact

Using both @SpaceTrucker and @khmarbaise, came up with the following ...READ MORE

answered Jun 19, 2018 in DevOps Tools by Atul
• 10,240 points
141 views
0 votes
1 answer

Maven deploy Release Note as artifact

The following solution will do the trick: <profiles> ...READ MORE

answered Jun 22, 2018 in DevOps Tools by Atul
• 10,240 points
45 views
0 votes
1 answer

How do I deploy to multiple servers using the same context root?

  If you're deploying to multiple servers ...READ MORE

answered Jul 2, 2018 in DevOps Tools by Kalgi
• 40,460 points
48 views
+1 vote
1 answer

I’m facing problems while setting up Maven. How do I solve this?

First of all check if you don't ...READ MORE

answered Jul 25, 2018 in DevOps Tools by Sophie may
• 9,530 points
38 views
0 votes
1 answer
0 votes
1 answer

Deploy Docker Containers from Docker Cloud

To solve this problem, I followed advice ...READ MORE

answered Sep 3, 2018 in AWS by Priyaj
• 56,520 points
155 views
+4 votes
2 answers

Jenkins not showing Maven Release Plugin

Make your project type Maven Project. This ...READ MORE

answered Oct 11, 2018 in DevOps Tools by Hannah
• 14,070 points
709 views
0 votes
1 answer