mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Can I start docker with specified user and sudo privilege? #300

Closed namnoit closed 3 years ago

namnoit commented 3 years ago

I want to start docker with --user=newuser, but I was unable to use sudo with --sudouser. Can I specify a user and start docker with sudouser for this user?

mviereck commented 3 years ago

Yes, this just works here with e.g. --user=1234 --sudouser. If it fails, please show me the failing command and the error message.

namnoit commented 3 years ago

> Yes, this just works here with e.g. --user=1234 --sudouser.

Can I use a specified username instead of unknown1234, e.g. --user=myname? And if I specify a user, can I retain data in ~/?

mviereck commented 3 years ago

> Can I use a specified username instead of unknown1234, e.g. --user=myname?

You can specify an existing user (name or uid) from host.

> And if I specify a user, can I retain data in ~/?

With option --home the data will be retained in the user's home directory.

namnoit commented 3 years ago

> You can specify an existing user (name or uid) from host.

Can I specify a new username (does not exist in host)?

> With option --home the data will be retained in the user's home directory.

If I use --home with --user=1234, it will create a fake home (/home.tmp), and it will be cleared after I close the container, while I was unable to access the /home directory.

mviereck commented 3 years ago

> Can I specify a new username (does not exist in host)?

No, only an unused uid.

> If I use --home with --user=1234, it will create a fake home

In that case x11docker prints a message:

x11docker note: Option --home: Sharing a host folder is allowed only
  for container users that also exist on host.
  You can use a docker volume with --home=VOLUME instead.
  Fallback: Disabling option --home.

This means you cannot use a host folder for --home with an unknown user uid. Instead, you can specify a docker volume, e.g. --home=dockerhome.

namnoit commented 3 years ago

:( My use case is to place some files in the ~/ directory (not in /), and I need to know the absolute path of the ~/ directory, e.g. /home/user, to configure it (I want the home directory to be persistent regardless of what machine I run on, so I want to specify the user for the container). Do you have any suggestions for this?

mviereck commented 3 years ago

I am not sure if I understand your problem. You can preset files for HOME in /etc/skel. If you run x11docker with --home, it will set the variable HOME and create a container user matching the one on host. Normally applications regard the variable HOME.

If you want it to be the same on all machines, all machines must have the same host user with the same name and the same uid. x11docker will not create new host users but only allow using existing ones with --home.

Alternatively you could set up a container user in the Dockerfile yourself, and run x11docker with --user=RETAIN and --home=dockervolume. This will retain the predefined user settings in the image and store persistent files in a docker volume.
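The rules stated in this thread (an existing host user by name or uid may share a host home folder; an unused uid needs a docker volume for --home; a new username is not accepted) can be checked before launching. The following is an added example, not part of the thread and not x11docker code; the function names `classify_user` and `suggest_options` and the `PASSWD_FILE` variable are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for an x11docker --user value (added example).
# PASSWD_FILE is an assumption made so the check can run against a test file;
# on hosts with LDAP/NSS users, query `getent passwd` instead of the file.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# classify_user VALUE
# Prints: host-user    (name or uid exists on host)
#         unused-uid   (numeric, no host entry)
#         unknown-name (non-numeric, no host entry)
classify_user() {
    awk -F: -v u="$1" '$1 == u || $3 == u { found = 1 } END { exit !found }' \
        "$PASSWD_FILE" 2>/dev/null && { echo host-user; return 0; }
    case "$1" in
        ''|*[!0-9]*) echo unknown-name ;;
        *)           echo unused-uid ;;
    esac
}

# suggest_options VALUE VOLUME
# Prints the --user/--home options that match the rules from the thread:
# host folder sharing only for users that exist on host, otherwise a
# docker volume (VOLUME) so the home directory is not a temporary fallback.
suggest_options() {
    user="$1"; volume="$2"
    case "$(classify_user "$user")" in
        host-user)  echo "--user=$user --home" ;;
        unused-uid) echo "--user=$user --home=$volume" ;;
        *)          echo "error: '$user' is neither a host user nor a uid" >&2
                    return 1 ;;
    esac
}

# Example call with the uid and volume name used in the thread.
suggest_options 1234 dockerhome
```

Append --sudouser to the printed options only when the container user really needs sudo, since it widens what a compromised application in the container can do.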