Docker does not care about user permissions. Why?
I have a docker file userPermissionDenied.df, here is its content:
FROM busybox:1.29
USER 1000:1000
ENTRYPOINT ["nc"]
CMD ["-l", "-p", "80", "0.0.0.0"]
I run the following commands:
> docker image build -t fooimg -f userPermissionDenied.df .
> docker container run fooimg
Now I expect the following output:
> nc: bind: Permission denied
But I am not getting any output at all:
the container just hangs. Why?
I am learning Docker through the Docker in Action by Jeff Nickoloff and that is where I got the use case from.
Given that you are running the nc command as a non-root user (due to the USER 1000:1000 directive in your Dockerfile), you might expect to see a "permission denied" error of some sort when nc tries to bind port 80.
In earlier versions of Docker that is exactly what would have happened, but a few years ago Docker was modified so that containers run with net.ipv4.ip_unprivileged_port_start=0, which means there are no longer any "privileged ports": any UID can bind any port.
You can see this setting by running sysctl inside a container:
$ docker run -it --rm -u 1000:1000 alpine sysctl -a |grep net.ipv4.ip_unprivileged_port_start
net.ipv4.ip_unprivileged_port_start = 0
the container just hangs. Why?
The container isn't "hanging"; it is successfully running nc -l -p 80, which is waiting for a connection to the container on port 80. If you were to use curl or some other tool to connect to port 80 in that container, it would display any data send over the connection and then the container would exit when the connection is closed.
- How to fix ctrl+c inside a docker container
- machine learning python app in docker with anaconda for k8s
- How to mount docker socket as volume in docker container with correct group
- AWS Fargate Angular dockerize application not exposed to public ip
- Error connecting to Postgres database, but can connect on pgadmin
- Connecting a flask container to a Redis container over Kubernetes
- docker push error: denied: requested access to the resource is denied
- Developing with docker and vscode, sometimes the intellisense works sometimes it doesn't
- Nextflow on GCP - waiting on container error
- How do you connect to postgres running in a Docker container on OSx?
- How to Dockerize a tomcat app
- How to use sudo inside a docker container?
- Docker Redis Connection refused
- why doesn't chown work in Dockerfile?
- How to see docker build "RUN command" stdout? (docker for windows)
- ng not found error when building Angular project using dockerfile
- Cron in postgresql:alpine docker container
- Docker command not found when running on Mac
- Strange memory/IO errors when building nextjs/node app inside docker
- MSSQL container fails to start when mapping volumes after upgrading to WSL2
- broadcast UDP from docker (on Windows host) does not make it to the LAN
- MySQL docker container stuck reloading
- Unable to push Docker image into GCP container registry [permission error]
- How to load initial realm in keycloak server with docker?
- Docker Swarm can't download images automatically from private registry
- Permission issue with PostgreSQL in docker container
- Docker: COPY failed: file not found in build context (Dockerfile)
- docker mysql with Error: connect ECONNREFUSED
- Where is a mysql volume db-data:/var/lib/mysql/data stored?
- How to add --init parameter to AWS ECS Task