Docker container cannot be run as a non-root user
There are some reasons to run the docker container as a non-root user:
- This is generally a good security practice
- The artifacts created by the container will be owned by the user, so if we run as root, they will not be editable by the current user
Ligo's Image is not runnable by a non-root user. Please see this command:
```
DOCKER_DEFAULT_PLATFORM=linux/amd64 docker run --rm -v /home/alireza/temp/projs/sample19:/project:z -w /project -u $(id -u):$(id -g) ligolang/ligo:next compile contract contracts/counter.jsligo
```
This generates the following output:
```
compile contract contracts/counter.jsligo
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/root/ligo": stat /root/ligo: permission denied: unknown.
```
While if we remove `-u $(id -u):$(id -g)` it runs successfully but `ls -alh` gives:
```
drwxr-xr-x. 2 alireza alireza 4.0K Jun 6 14:22 .
drwxr-xr-x. 6 alireza alireza 4.0K Jun 6 13:55 ..
-rw-r--r--. 1 root root 228 Jun 6 14:22 counter.tz
```
Which is not editable unless I use `sudo`.
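A diagnostic sketch for the `stat /root/ligo: permission denied` error above, added here as an example and not part of the original report or the LIGO project: it walks a path inside an unpacked image root filesystem and names the first component an arbitrary non-owner UID cannot traverse or execute. The function names, the unpacked-rootfs layout, and the assumption that `/root` is mode 0700 in the image are illustrative, not stated in the report.

```shell
#!/bin/sh
# Added diagnostic example; names and layout are hypothetical.
# Judges access by the "other" mode bits only, i.e. for a UID that is neither
# the owner nor in the owning group (the case for a host UID passed with -u).

# other_x PATH -> succeeds if the "other" execute/search bit is set on PATH
other_x() {
    # 10th character of `ls -ld` is the other-execute slot: x or t means set
    case "$(ls -ld "$1" | cut -c10)" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# first_blocked ROOTFS PATH -> prints the first component of PATH (relative to
# the unpacked ROOTFS) that blocks such a user; prints nothing if none does
first_blocked() {
    rootfs=$1
    prefix=""
    old_ifs=$IFS; IFS=/
    set -f                      # no globbing while splitting the path on "/"
    for part in $2; do
        [ -n "$part" ] || continue
        prefix="$prefix/$part"
        if [ ! -e "$rootfs$prefix" ]; then
            printf '%s (missing)\n' "$prefix"; break
        fi
        if ! other_x "$rootfs$prefix"; then
            printf '%s\n' "$prefix"; break
        fi
    done
    set +f
    IFS=$old_ifs
}

# Constructed stand-in for the image: /root is 0700 (assumption), ligo is 0755
demo() {
    d=$(mktemp -d)
    mkdir "$d/root" && : > "$d/root/ligo"
    chmod 755 "$d/root/ligo"; chmod 700 "$d/root"
    first_blocked "$d" /root/ligo
    rm -rf "$d"
}

demo    # prints /root: the directory, not the binary, is what blocks the exec
```

Against a real image, the root filesystem would first have to be unpacked to a directory for `first_blocked` to inspect it.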