@@ -49,6 +49,7 @@ RUN apt-get -o APT::Retries=5 install -y --no-install-recommends \
rsync \
shellcheck \
subversion \
+ sudo \
unzip \
wget \
&& \
@@ -60,7 +61,9 @@ RUN sed -i 's/# \(en_US.UTF-8\)/\1/' /etc/locale.gen && \
/usr/sbin/locale-gen
RUN useradd -ms /bin/bash br-user && \
- chown -R br-user:br-user /home/br-user
+ chown -R br-user:br-user /home/br-user && \
+ printf 'br-user ALL=NOPASSWD: /bin/su -\n' >/etc/sudoers.d/br-user && \
+ chmod 0440 /etc/sudoers.d/br-user
USER br-user
WORKDIR /home/br-user
When our Dockerfiles (and images) get reused by users, they might need to locally add new packages or tweak the iamge to heir local needs. It is posisble to become root in the container, but implies running a second command from another terminal, like so: (term-1) $ ./utils/docker-run $ colordiff --version bash: colordiff: command not found (termn-2) $ docker exec -u 0:0 -ti NAME sh # apt install -y colordiff $ colordiff --version diff (GNU diffutils) 3.7 [...] Usually, however, people are a bit lazy and prefer to go the traditional way of using sudo. ;-) So, register the br-user to become root by running (exactly!): $ sudo su - This will allow acutally becoing root without prompting for a password, but no other command will be accepted, and no other paramter will be accepted either, so that it is still possible to catch packages that try to run sudo as part of their build/install process. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> --- support/docker/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)