I would like to start some Docker containers as a different Linux user. I can do this by specifying a fixed
USER step in the
Dockerfile, but sometimes I need to run a command as a user with more permissions. Another approach is to wrap my commands with
su -c "<command>" <user>, but then it’s difficult to pass all of the env vars to this new shell.
su - or
su -p doesn’t seem to work properly with
rbash (it doesn’t apply any restrictions.)
So it would be great if the
convox.yml service supported a
user key, so that I can specify the Linux user for this container. (I tried this but it didn’t seem to have any effect.)
Can this be done with labels?