tianon / gosu

Simple Go-based setuid+setgid+setgroups+exec
Apache License 2.0

Gosu and user? #55

Closed la0wei closed 5 years ago

la0wei commented 5 years ago

Hello! I am a newbie to Docker and can't understand something about gosu and user. I found a post here: https://stackoverflow.com/questions/36781372/docker-using-gosu-vs-user . That's what I can't understand.

The key problem is: is gosu a tool to elevate a user to root privileges, or to de-elevate root to a normal user?

1. Add a user in the container, and gosu elevates it to root to run the process. In this situation, how do we handle things like installing dependencies, such as apt-get install?

2. Docker containers use 'root' by default, so we can install dependencies. Gosu de-elevates root to a normal user to run the process. But that goes against the idea that gosu is meant to replace sudo in Docker, and sudo is for gaining root privileges.

Which is the truth?

yosifkit commented 5 years ago

gosu is only for de-elevating from root to a normal user. It is normally used as the last step of an entrypoint script to run the actual service as a non-root user (i.e., exec gosu nobody:nobody redis-server). This is useful when you need to do a few setup steps that require root (like chown a volume directory) and yet not have the service running as root. If you do not need any root access before the service starts, then USER nobody:nobody in the Dockerfile (or --user nobody:nobody on docker run) will accomplish the same thing (gosu uses the same function from runc that docker uses).
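
The entrypoint pattern described in the answer above, as an added example that is not part of the original thread or the gosu project: root-only setup runs first, then the service is exec'd through gosu so it replaces the script as a non-root process. The names RUN_AS, DATA_DIR and run_service are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: entrypoint that does root-only setup, then drops privileges.
# RUN_AS and DATA_DIR are hypothetical values; adjust them to the image.
set -eu

RUN_AS="nobody:nobody"   # user:group the service should run as
DATA_DIR="/data"         # volume that must be owned by the service user

# run_service UID CMD [ARGS...]
# UID is the uid the entrypoint was started with (normally "$(id -u)").
run_service() {
    uid="$1"
    shift
    if [ "$uid" -eq 0 ]; then
        # Started as root (the Docker default): do the setup that needs
        # root, then de-elevate. gosu only goes from root to another user.
        chown -R "$RUN_AS" "$DATA_DIR"
        # exec replaces this shell, so no root process is left behind and
        # the service receives signals directly.
        exec gosu "$RUN_AS" "$@"
    fi
    # Already non-root (USER in the Dockerfile or --user on docker run):
    # nothing to drop, and gosu is not needed.
    exec "$@"
}

# Docker passes CMD as the arguments of the entrypoint.
if [ "$#" -gt 0 ]; then
    run_service "$(id -u)" "$@"
fi
```

In a Dockerfile this script would be the ENTRYPOINT with the service as CMD (for example redis-server, as in the answer above); package installation with apt-get stays in RUN steps at build time, which execute as root.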