Develop Reference

How to configure Dockerfile for non-root user but give them access privileges to write to a file in the root dir?

New to linux and working on containerizing our stack and essentially here is the problem that I am running into with the code below:
a) I have to execute this dockerfile as a non-root user for elastic search to work (requirement)
b)If I add USER $USERNAME to the bottom of the script before CMD i get the error:
"mkdir: cannot create directory ‘/root’: Permission denied
Can not write to /root/.m2/copy_reference_file.log. Wrong volume permissions? Carrying on"
c) If I remove the USER $USERNAME from the bottom of the file then I get the elastic search issue referenced above.
What I am asking is, how can I fix this in my dockerfile?
# Custom image from Maven on DockerHub
# Language: dockerfile
FROM maven:3.6.3-amazoncorretto-8
# Set the working dir
WORKDIR /app
# Create a non root user
ARG USERNAME=jefferson
ARG USER_UID=1000
ARG USER_GID=$USER_UID
# Add linux dependenciesq
RUN yum install wget -y
RUN yum install shadow-utils -y
# Create the user
RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
&& yum install sudo -y \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 777 /etc/sudoers.d/$USERNAME \
&& sudo groupadd docker \
&& sudo usermod -aG docker $USERNAME \
&& newgrp docker
# Change to the root folder and edit the settings.xml for Maven
WORKDIR /root/.m2
RUN rm -rf settings.xml
RUN echo '<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" \
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 \
http://maven.apache.org/xsd/settings-1.0.0.xsd"> \
</settings>' >> settings.xml
WORKDIR /app
COPY . ./
USER $USERNAME
# Run the application
CMD ["mvn", "clean", "verify", "-Pcargo.run", "-X"]

If i understand well your needs, on the official docker maven image give you have a way to follow :
Why not fully use a non-root user to run maven (and not trying to write in the root directory) ?
at this page : https://hub.docker.com/_/maven under the header named
Running as non-root
it tells you to use a MAVEN_CONFIG env var and to add the -Duser.home= flag when calling maven to run maven without using the root user
here is the full Dockerfile modified using this way (from your own Dockerfile):
# Custom image from Maven on DockerHub
# Language: dockerfile
FROM maven:3.6.3-amazoncorretto-8
# Set the working dir
WORKDIR /app
# Create a non root user
ARG USERNAME=jefferson
ARG USER_UID=1000
ARG USER_GID=$USER_UID
# Add linux dependenciesq
RUN yum install wget -y
RUN yum install shadow-utils -y
ENV MAVEN_CONFIG=/var/maven/.m2
# Create the user
RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
&& yum install sudo -y \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 600 /etc/sudoers.d/$USERNAME \
&& sudo groupadd docker \
&& sudo usermod -aG docker $USERNAME \
&& newgrp docker
# Change to the root folder and edit the settings.xml for Maven
WORKDIR "/var/maven/.m2"
RUN rm -rf settings.xml \
&& chown $USER_UID:$USER_GID .
RUN echo '<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" \
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 \
http://maven.apache.org/xsd/settings-1.0.0.xsd"> \
</settings>' >> settings.xml
WORKDIR /app
COPY . ./
USER $USERNAME
# Run the application
CMD ["mvn", "clean", "verify", "-Duser.home=/var/maven", "-Pcargo.run", "-X"]
the rights of the sudoers file you added was too permissive so i changed it to 600.
as an example :
with the following command line (you don't have to run this command line in your case because the example command line given (on the maven docker image site) is just starting a new container with interactive mode and mounting volumes)
docker run -v ~/.m2:/var/maven/.m2 -ti --rm -u 1000 -e MAVEN_CONFIG=/var/maven/.m2 maven mvn -Duser.home=/var/maven archetype:generate

How to install Java 9 and Gradle in a Docker image

I try to install OpenJDK9 and Gradle 4.5.1 in a Docker image.
This is my Dockerfile:
FROM ubuntu:latest
MAINTAINER Hari Sekhon (https://www.linkedin.com/in/harisekhon)
LABEL Description="Java + Ubuntu (OpenJDK)"
ENV DEBIAN_FRONTEND noninteractive
ARG JAVA_VERSION=9
ARG JAVA_RELEASE=JDK
ENV JAVA_HOME=/usr
RUN bash -c ' \
set -euxo pipefail && \
apt-get update && \
pkg="openjdk-$JAVA_VERSION"; \
if [ "$JAVA_RELEASE" = "JDK" ]; then \
pkg="$pkg-jdk-headless"; \
else \
pkg="$pkg-jre-headless"; \
fi; \
apt-get install -y --no-install-recommends "$pkg" && \
apt-get clean'
CMD /bin/bash
#install Gradle
RUN wget -q https://services.gradle.org/distributions/gradle-4.5.1-bin.zip \
&& unzip gradle-4.5.1-bin.zip -d /opt \
&& rm gradle-4.5.1-bin.zip
# Set Gradle in the environment variables
ENV GRADLE_HOME /opt/gradle-4.5.1
ENV PATH $PATH:/opt/gradle-4.5.1/bin
And I am getting an error:
ubuntu#automation-ubuntu-17:~/dockerFiles$ The command '/bin/sh -c
bash -c ' set -euxo pipefail && apt-get update &&
pkg="openjdk-$JAVA_VERSION"; if [ "$JAVA_RELEASE" = "JDK" ]; then
pkg="$pkg-jdk-headless"; else pkg="$pkg-jre-headless";
fi; apt-get install -y --no-install-recommends "$pkg" &&
apt-get clean'' returned a non-zero code: 100

The ubuntu:latest tag is currently ubuntu:18.04 (bionic), which only contains the java packages for openjdk-8-jdk-headless and openjdk-11-jdk-headless but not openjdk-9-jdk-headless (which has already reached end-of-life, at least for public updates).
openjdk-9-jdk-headless is available in ubuntu:16.04 (xenial), though.
I got the build working by switching to ubuntu:16.04, and also adding wget and unzip to the list of packages to install as they are subsequently used to download and unpack gradle but are not installed by default.
FROM ubuntu:16.04
MAINTAINER Hari Sekhon (https://www.linkedin.com/in/harisekhon)
LABEL Description="Java + Ubuntu (OpenJDK)"
ENV DEBIAN_FRONTEND noninteractive
ARG JAVA_VERSION=9
ARG JAVA_RELEASE=JDK
ENV JAVA_HOME=/usr
RUN bash -c ' \
set -euxo pipefail && \
apt-get update && \
pkg="openjdk-$JAVA_VERSION"; \
if [ "$JAVA_RELEASE" = "JDK" ]; then \
pkg="$pkg-jdk-headless"; \
else \
pkg="$pkg-jre-headless"; \
fi; \
apt-get install -y --no-install-recommends wget unzip "$pkg" && \
apt-get clean'
CMD /bin/bash
#install Gradle
RUN wget -q https://services.gradle.org/distributions/gradle-4.5.1-bin.zip \
&& unzip gradle-4.5.1-bin.zip -d /opt \
&& rm gradle-4.5.1-bin.zip
# Set Gradle in the environment variables
ENV GRADLE_HOME /opt/gradle-4.5.1
ENV PATH $PATH:/opt/gradle-4.5.1/bin

Check if Onion URL is live

I am making an Android application in Java. There is an onion Url that I want to check is live or not. Basically, Onion Url is mapped to an IP-address, so is there any Java library or API that can assist in determining this check?
Any help in this regard will be appreciated.
Thanks.

You need to have a server on which the tor will work and already give from it either the desired status or the page that you need. For the site tor-sites.link we did the proxying of the tor through the tor launched into the container and the express.js server. You can see how it works at previewer. Schematically, it looks like this:
HTTP request
express.js server
request to tor
returning a response to the client
This way you can get data from the onino site.
Dockerfile:
FROM node:slim
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
RUN apt-get update && apt-get install gnupg wget -y && \
wget --quiet --output-document=- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg && \
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' && \
apt-get update && \
apt-get install google-chrome-stable -y --no-install-recommends && \
apt-get install tor -y --no-install-recommends && \
apt-get install torsocks -y --no-install-recommends && \
apt-get install curl gnupg && \
rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src/app
RUN mkdir src
RUN mkdir tmp
COPY ./src ./src
COPY ./package.json \
./ecosystem.config.js \
./tsconfig.json \
./
RUN npm i -g pm2 npm#9.2.0
RUN yarn && yarn build
RUN rm -rf src
#HEALTHCHECK --start-period=150s --interval=300s --retries=99999 --timeout=120s CMD curl --fail http://localhost:3000/healthcheck || kill 1
EXPOSE 3000
CMD ["pm2-runtime", "start", "ecosystem.config.js"]

Docker - Running Apache and Multiple JARs

I need to Run Apache and Two JAR files on different ports(say 80 for apache, 8080 and 8070 for two JAR Tomcat's) in a Docker Image. The problem is, three of them are not starting in parallel. I have shared my DockerFile. What are the changes that need to be done here?
Dockerfile
FROM phusion/baseimage:0.9.17
CMD ["/sbin/my_init"] && ["service", "apache2", "start"]
RUN echo "deb http://archive.ubuntu.com/ubuntu trusty main universe" > /etc/apt/sources.list
RUN apt-get -y update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -q python-software-properties software-properties-common
ENV JAVA_VER 8
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
RUN echo 'deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main' >> /etc/apt/sources.list && \
echo 'deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main' >> /etc/apt/sources.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C2518248EEA14886 && \
apt-get update && \
echo oracle-java${JAVA_VER}-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections && \
apt-get install -y --force-yes --no-install-recommends oracle-java${JAVA_VER}-installer oracle-java${JAVA_VER}-set-default && \
apt-get clean && \
rm -rf /var/cache/oracle-jdk${JAVA_VER}-installer && \
apt-get -y install apache2
RUN update-java-alternatives -s java-8-oracle
RUN echo "export JAVA_HOME=/usr/lib/jvm/java-8-oracle" >> ~/.bashrc
RUN echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
RUN sudo a2enconf fqdn
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ADD File1.jar /root/File1.jar
ADD File2.jar /root/File2.jar
# Add File1 service
RUN mkdir /etc/service/File1
ADD start-File1.sh /etc/service/File1/run
RUN chmod +x /etc/service/File1/run
# Add File2 service
RUN mkdir /etc/service/File2
ADD start-File2.sh /etc/service/File2/run
RUN chmod +x /etc/service/File2/run

Installing openjdk in docker removes basic linux commands

I aim to make a docker image that contains qt-android and android-studio tool. I took like base for dockerfile this one, and, instead of installing software-properties-common, I've put to install build-essential and libgl1­-mesa­-dev. Both Java and theses libraries were installed with success, but, then, basic commands like mkdir, ls, cd turned to be unrecognizable, making docker build process return with code 127 (command not found).
Why does this occurs?

I found that I couldn't even get your Dockerfile to display the issue without making some changes earlier in the image. The bit that was actually your problem though is:
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
ENV PATH JAVA_HOME/bin
ENV CLASSPATH JAVA_HOME/lib/tools.jar
ENV MANPATH JAVA_HOME/man
RUN export JAVA_HOME PATH CLASSPATH MANPATH
Should become:
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
ENV PATH $PATH:$JAVA_HOME/bin
ENV CLASSPATH $JAVA_HOME/lib/tools.jar
ENV MANPATH $JAVA_HOME/man
This is because when you set the PATH you shouldn't remove the current contents of it (hence $PATH:) and you want to add the value of the JAVA_HOME variable rather than the literal string JAVA_HOME (hence $JAVA_HOME/bin).
Also, anything you set with ENV you will not need to export as it will be available for every process in your image.
I also had to install some packages to make add-apt-repository available but I'm not 100% sure if this is because ubuntu:latest refers to a different image on my system (possibly you should consider using a tag for the specific version you wish to use like ubuntu:xenial).
I also had to install wget & I corrected a number of places where you were using wget -O - where you didn't mean to (as you clearly wanted to write the files to disk).
The full Dockerfile which I used & was able to get to successfully build (I didn't test running it as I'm not sure on expected behaviour & don't speak your language) is:
# BASED ON : https://hub.docker.com/r/picoded/ubuntu-openjdk-8-jdk/~/dockerfile/
FROM ubuntu:latest
MAINTAINER Inacio Medeiros <inaciogmedeiros#gmail.com>
USER root
# Install the python script required for "add-apt-repository"
RUN apt-get update
RUN apt-get install build-essential libgl1-mesa-dev -y --force-yes
# Sets language to UTF8 : this works in pretty much all cases
ENV LANG pt_BR.UTF-8
RUN locale-gen $LANG
# Install add-apt-repository
RUN apt-get install software-properties-common python-software-properties wget -y --force-yes
# INSTALL JAVA
# ==============================================================
# Setup the openjdk 8 repo
RUN add-apt-repository ppa:openjdk-r/ppa
# Install java8
RUN apt-get update && apt-get install openjdk-8-jdk -y --force-yes
# Setup JAVA_HOME and other environment variables, this is useful for docker commandline
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
ENV PATH $PATH:$JAVA_HOME/bin
ENV CLASSPATH $JAVA_HOME/lib/tools.jar
ENV MANPATH $JAVA_HOME/man
# ==============================================================
# Install QT Android
# ==============================================================
RUN mkdir /var/tmp/qt-android \
&& cd /var/tmp/qt-android \
&& wget "http://download.qt.io/official_releases/qt/5.5/5.5.0/qt-opensource-linux-x64-android-5.5.0-2.run" \
&& chmod 777 qt-opensource-linux-x64-android-5.5.0-2.run
CMD /var/tmp/qt-android/qt-opensource-linux-x64-android-5.5.0-2.run
RUN cd /var/tmp/qt-android \
&& cd .. \
&& rm -rf /var/tmp/qt-android
# ==============================================================
# Install Ant
RUN apt-get install ant -y --force-yes
# Install SDK
RUN mkdir /opt/android-sdk \
&& cd /opt/android-sdk \
&& wget -O - "http://dl.google.com/android/android-sdk_r24.3.4-linux.tgz" \
| tar --strip-components=1 -zxf -
#Install NDK
RUN mkdir /var/tmp/ndk \
&& cd /var/tmp/ndk \
&& wget "http://dl.google.com/android/ndk/android-ndk-r10e-linux-x86_64.bin" \
&& chmod 777 android-ndk-r10e-linux-x86_64.bin
CMD /var/tmp/ndk/android-ndk-r10e-linux-x86_64.bin
RUN cd /var/tmp/ndk \
&& cd .. \
&& rm -rf ndk
# Run SDK Update
RUN cd /opt/android-sdk/tools \
&& chmod 777 android
CMD /opt/android-sdk/tools/android update sdk
# Update libraries
RUN apt-get update && apt-get upgrade -y --force-yes
# Install libraries
RUN apt-get install -y --force-yes libstdc++6 libgcc1 zlib1g libncurses5
RUN apt-get install -y --force-yes libsdl1.2debian
# Install Android studio
# Source: https://github.com/wolfitem/docker/blob/master/Dockerfiles/android-studio/Dockerfile
RUN apt-get install unzip -y --force-yes
RUN wget 'https://dl.google.com/dl/android/studio/ide-zips/2.1.0.9/android-studio-ide-143.2790544-linux.zip' -O /tmp/studio.zip && unzip -d /opt /tmp/studio.zip && rm /tmp/studio.zip
#clean up
RUN apt-get clean
RUN apt-get purge
USER developer
CMD /opt/android-studio/bin/studio.sh
The thing which I did notice is there are a number of places where you do something like CMD /var/tmp/qt-android/qt-opensource-linux-x64-android-5.5.0-2.run where it looks like you are wanting to run /var/tmp/qt-android/qt-opensource-linux-x64-android-5.5.0-2.run. I think you have possibly misunderstood what CMD does - it doesn't actually run that command, it sets it up so that when you run a container from the image with docker run that will be the default command.
If I had to refactor the Dockerfile I would make it look more like the one below. But this currently fails to build because I changed it to actually call the things mentioned above. Currently qt-opensource-linux-x64-android-5.5.0-2.run fails because it can't find a display to connect to.
FROM ubuntu:latest
MAINTAINER Inacio Medeiros <inaciogmedeiros#gmail.com>
# Install the python script required for "add-apt-repository"
RUN apt-get update \
&& apt-get install -y --force-yes \
build-essential \
libgl1-mesa-dev \
python-software-properties \
software-properties-common \
wget \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Sets language to UTF8 : this works in pretty much all cases
ENV LANG pt_BR.UTF-8
RUN locale-gen $LANG
# INSTALL JAVA
# ==============================================================
# Setup the openjdk 8 repo
RUN add-apt-repository ppa:openjdk-r/ppa
# Install java8
RUN apt-get update \
&& apt-get install -y --force-yes \
openjdk-8-jdk \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Setup JAVA_HOME and other environment variables, this is useful for docker commandline
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
ENV PATH $PATH:$JAVA_HOME/bin
ENV CLASSPATH $JAVA_HOME/lib/tools.jar
ENV MANPATH $JAVA_HOME/man
# ==============================================================
# Install QT Android
# ==============================================================
RUN mkdir -p /var/tmp/qt-android \
&& cd /var/tmp/qt-android \
&& wget "http://download.qt.io/official_releases/qt/5.5/5.5.0/qt-opensource-linux-x64-android-5.5.0-2.run" \
&& chmod 777 qt-opensource-linux-x64-android-5.5.0-2.run \
&& /var/tmp/qt-android/qt-opensource-linux-x64-android-5.5.0-2.run \
&& cd / \
&& rm -rf /var/tmp/qt-android
# ==============================================================
# Install Ant
RUN apt-get update \
&& apt-get install -y --force-yes \
ant \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install SDK
RUN mkdir -p /opt/android-sdk \
&& cd /opt/android-sdk \
&& wget -O - "http://dl.google.com/android/android-sdk_r24.3.4-linux.tgz" \
| tar --strip-components=1 -zxf -
#Install NDK
RUN mkdir /var/tmp/ndk \
&& cd /var/tmp/ndk \
&& wget "http://dl.google.com/android/ndk/android-ndk-r10e-linux-x86_64.bin" \
&& chmod 777 android-ndk-r10e-linux-x86_64.bin \
&& /var/tmp/ndk/android-ndk-r10e-linux-x86_64.bin \
&& cd / \
&& rm -rf /var/tmp/ndk
# Run SDK Update
RUN cd /opt/android-sdk/tools \
&& chmod 777 android \
&& /opt/android-sdk/tools/android update sdk
# Update libraries
RUN apt-get update \
&& apt-get upgrade -y --force-yes \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install libraries
RUN apt-get update \
&& apt­-get install -y --force-yes \
libstdc++6 \
libgcc1 \
libsdl1.2debian \
zlib1g \
libncurses5 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install Android studio
# Source: https://github.com/wolfitem/docker/blob/master/Dockerfiles/android-studio/Dockerfile
RUN apt-get update \
&& apt-get install -y --force-yes \
unzip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN wget 'https://dl.google.com/dl/android/studio/ide-zips/2.1.0.9/android-studio-ide-143.2790544-linux.zip' -O /tmp/studio.zip \
&& unzip -d /opt /tmp/studio.zip \
&& rm /tmp/studio.zip
USER developer
CMD /opt/android-studio/bin/studio.sh
Let me know if you have any further questions and I will do my best to answer them.