Specify which "user" shall run the job (docker-executor) (#2750) · Issues · GitLab.org / gitlab-runner

Specify which "user" shall run the job (docker-executor)

Description

By default and unless a Docker image as set a default user, an image is run as root user. So when a user select image: ruby:2.4 or image: maven:3-jdk-8, the user that will execute the ruby program or build the project will run as root.

Currently there is no way to define a default user inside the GitLab Runner's config.toml file nor to override it inside the .gitlab-ci.yml file.

Proposal

A GitLab Runner administrator shall be able to define a default user and potentially either a white- or black-list of users which defines the limits of what can be overriden within the .gitlab-ci.yml file.
e.g. default_user = "nobody"; disallow_users = ["root", "adm"] or allow_users = ["www-data"]
Note: there is always the problem of UIDs... Any contribution is welcome here.
A GitLab CI user can define in its .gitlab-ci.yml job description that the image should be jetty and that the user should be jetty as well.
e.g. image_user: jetty or something more complex:

image:
  name: jetty:latest
  user: jetty

Links to related issues and merge requests / references

None yet.