I would like to start some Docker containers as a different Linux user. I can do this by specifying a fixed USER step in the Dockerfile, but sometimes I need to run a command as a user with more permissions. Another approach is to wrap my commands with su -c "<command>" <user>, but then it’s difficult to pass all of the env vars to this new shell. su - or su -p doesn’t seem to work properly with rbash (it doesn’t apply any restrictions.)
So it would be great if the convox.yml service supported a user key, so that I can specify the Linux user for this container. (I tried this but it didn’t seem to have any effect.)
Can this be done with labels?