nanoserver-insider image has non-admin user as default?

%3CLINGO-SUB%20id%3D%22lingo-sub-110290%22%20slang%3D%22en-US%22%3Enanoserver-insider%20image%20has%20non-admin%20user%20as%20default%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-110290%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20want%20to%20mention%20that%20the%20microsoft%2Fnanoserver-insider%20image%20has%20the%20non-admin%20%22ContainerUser%22%20account%20as%20default.%20Is%20this%20intented%3F%3C%2FP%3E%3CP%3ERunning%20containers%20as%20non-admin%20is%20a%20good%20thing%2C%20but%20this%20default%20sometimes%20result%20in%20some%20difficulties%20while%20building%20Docker%20images%20based%20on%20nanoserver-insider.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20a%20golang%2Bgit%20nanoserver%20image%20I%20had%20to%20use%20a%20workaround%20to%20switch%20to%20ContainerAdministrator%2C%20setting%20the%20machine%20PATH%20variable%2C%20and%20switch%20back%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FStefanScherer%2Fdockerfiles-windows%2Fblob%2Fc3a6dce28d325e25d3ed993e7d2b4fabd99c3b81%2Fgolang%2FDockerfile%23L45-L47%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FStefanScherer%2Fdockerfiles-windows%2Fblob%2Fc3a6dce28d325e25d3ed993e7d2b4fabd99c3b81%2Fgolang%2FDockerfile%23L45-L47%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOtherwise%20we%20can%20only%20set%20the%20users's%20PATH%20(setx%20without%20%2FM%20option)%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FStefanScherer%2Fdockerfiles-windows%2Fblob%2Fb9c944fdcf8ceb936d41a48837afaba8fd92b372%2Fnode%2F6.11%2Fnano%2FDockerfile%23L41%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FStefanScherer%2Fdockerfiles-windows%2Fblob%2Fb9c944fdcf8ceb936d41a48837afaba8fd92b372%2Fnode%2F6.11%2Fnano%2FDockerfile%23L41%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhile%20creating%20a%20Docker%20image%20for%20the%20Docker%20swarm%20visualizer%20I%20once%20again%20had%20problems%20while%20%22npm%20run%20dist%22%20os%20I%20also%20had%20to%20prepend%20a%20%22USER%20ContainerAdministrator%22%20to%20have%20write%20access%20to%20C%3A%2Fapp%20-%20see%20the%20Dockerfile%20example%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fdockersamples%2Fdocker-swarm-visualizer%2Fpull%2F87%23issue-260104486%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fdockersamples%2Fdocker-swarm-visualizer%2Fpull%2F87%23issue-260104486%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ESo%20the%20question%20is%20if%20the%20nanoserver-insider%20image%20shouldn't%20have%20a%20value%20for%20the%20user%20just%20as%20the%20windowsservercore-insider%20image.%3C%2FP%3E%3CP%3EIf%20someone%20wants%20to%20change%20the%20user%2C%20it%20is%20possible%20by%20adding%20a%20line%20USER%20ContainerUser%20in%20the%20Dockerfile%20for%20any%20Windows%20image.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-110290%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EContainers%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

I just want to mention that the microsoft/nanoserver-insider image has the non-admin "ContainerUser" account as default. Is this intented?

Running containers as non-admin is a good thing, but this default sometimes result in some difficulties while building Docker images based on nanoserver-insider.

 

In a golang+git nanoserver image I had to use a workaround to switch to ContainerAdministrator, setting the machine PATH variable, and switch back: https://github.com/StefanScherer/dockerfiles-windows/blob/c3a6dce28d325e25d3ed993e7d2b4fabd99c3b81/g...

 

Otherwise we can only set the users's PATH (setx without /M option): https://github.com/StefanScherer/dockerfiles-windows/blob/b9c944fdcf8ceb936d41a48837afaba8fd92b372/n...

 

While creating a Docker image for the Docker swarm visualizer I once again had problems while "npm run dist" os I also had to prepend a "USER ContainerAdministrator" to have write access to C:/app - see the Dockerfile example in https://github.com/dockersamples/docker-swarm-visualizer/pull/87#issue-260104486


So the question is if the nanoserver-insider image shouldn't have a value for the user just as the windowsservercore-insider image.

If someone wants to change the user, it is possible by adding a line USER ContainerUser in the Dockerfile for any Windows image.

 

0 Replies