Search code examples
linuxdockerubuntudockerfile

Getting code 2 while building with dockerfile

I had a working dockerfile, but I wanted to upgrade it so that the container would not run from the root user. Here is the initial version of the dockerfile:

FROM something/openjdk-17:1.13-1

WORKDIR /opt/app

COPY ./build/libs/*.jar app.jar

CMD java ${JAVA_OPTS:- -Xmx1G} -jar app.jar

Then, I tried to add a user, grant him rights and run the container on his behalf.

FROM something/openjdk-17:1.13-1

RUN adduser -D myuser && chown -R myuser /opt/app
WORKDIR /opt/app

COPY ./build/libs/*.jar app.jar

USER myuser
CMD java ${JAVA_OPTS:- -Xmx1G} -jar app.jar

However, I got:

The command '/bin/sh -c adduser -D myuser && chown -R myuser /opt/app' returned a non-zero code: 2
Process exited with code 2

What could be the problem?

Solution

  • 3 problems in your Dockerfile:

    • Trying to give permission before creating directory (opt/app). Please move WORKDIR /opt/app before chown
    • Please use useradd instead of adduser
    • Please be careful about which user you are adding (you added trmonbs, but used myuser)

    Sample (Dockerfile):

    FROM openjdk:11

WORKDIR /opt/app

RUN useradd -r myuser && chown -R myuser /opt/app

COPY *.jar app.jar

USER myuser

CMD java ${JAVA_OPTS:- -Xmx1G} -jar app.jar

    Creating myuser with root rights:

    RUN useradd -r -g root myuser && chown -R myuser:root /opt/app

    Output:

    PC:~/javatest$ docker build -t testjdk .
Sending build context to Docker daemon  6.656kB
Step 1/6 : FROM openjdk:11
 ---> 47a932d998b7
Step 2/6 : WORKDIR /opt/app
 ---> Running in eaad102b776e
Removing intermediate container eaad102b776e
 ---> 1937a6e2eed8
Step 3/6 : RUN useradd -r myuser && chown -R myuser /opt/app
 ---> Running in fc0d7c5ebc1d
Removing intermediate container fc0d7c5ebc1d
 ---> 56ddcf8fbbb4
Step 4/6 : COPY *.jar app.jar
 ---> 9004394fd9d9
Step 5/6 : USER myuser
 ---> Running in ae35fb0fc285
Removing intermediate container ae35fb0fc285
 ---> 797ee3ec3215
Step 6/6 : CMD java ${JAVA_OPTS:- -Xmx1G} -jar app.jar
 ---> Running in e5f3814f11a7
Removing intermediate container e5f3814f11a7
 ---> 676d4cdc37d8
Successfully built 676d4cdc37d8
Successfully tagged testjdk:latest
PC:~/javatest$ docker run testjdk
My Java App

    Output2 (to check whether it has root rights or not, after adding myuser with root rights):

    PC:~/javatest$ docker run -it --rm testjdk2 bash -c 'id && exec bash'
uid=999(myuser) gid=0(root) groups=0(root)
myuser@b9a82e60eff2:/opt/app$