In my docker container I am running a command as a specific user like this from
sudo -u appuser "$@"
This works fine; however, it doesn't set any of the environment variables that get created by using the --link option while running the container.
Is it possible to set all environment variables that exist for a root user to some other specific user (in this example
Note: related question to this discussion. This is the reason I can't just use the USER command: "How to give non-root user in Docker container access to a volume mounted on the host"
The sudo command, because it is designed as a tool for privilege escalation, intentionally sanitizes the environment before switching to a new user id. If you take a look at the sudo man page, you'll find:

-E, --preserve-env
    Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.

So instead of sudo -u appuser somecommand, just use sudo -E -u appuser somecommand.

The runuser command is provided by the util-linux package in recent versions of Ubuntu, and does not perform any environment initialization by default. For example:

$ docker pull ubuntu
$ docker run -it --rm ubuntu /bin/bash
root@ded49ffde72e:/# runuser --help
Usage:
 runuser [options] -u <user> <command>
 runuser [options] [-] [<user> [<argument>...]]
[...]

This is with Ubuntu Xenial (but the runuser command also appears to be available on ubuntu:vivid, but is not available under
So your options are:
- sudo -E, or
- Use a more recent Ubuntu image
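
The sudo -E option discussed above asks sudo to keep the whole of root's environment, not just the --link variables. The following is an added example, not code from the original posts, that first reduces the environment to PATH plus the variables of one link and only then calls sudo -E. The function names and the DB prefix (the upper-cased link alias) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts). The prefix argument is the
# link alias already upper-cased, e.g. DB for "--link some-postgres:db".

# Print the names of the exported variables Docker sets for one link:
# <P>_NAME, <P>_PORT, <P>_PORT_* and <P>_ENV_*. Names that are not plain
# identifiers are dropped, so the eval in with_link_env is safe.
link_var_names() {
    awk -v p="$1" 'BEGIN {
        for (k in ENVIRON)
            if (k ~ /^[A-Za-z_][A-Za-z0-9_]*$/ &&
                (k == (p "_NAME") || k == (p "_PORT") ||
                 index(k, p "_PORT_") == 1 || index(k, p "_ENV_") == 1))
                print k
    }' | LC_ALL=C sort
}

# Run "$@" with an environment holding only PATH and the link variables.
with_link_env() {
    prefix=$1; shift
    for name in $(link_var_names "$prefix"); do
        eval "value=\$$name"            # name was validated above
        set -- "$name=$value" "$@"      # prepend NAME=value for env
    done
    env -i "PATH=$PATH" "$@"
}

# Entrypoint use: sudo -E now has only the filtered variables to preserve.
# Example call from an entrypoint script: run_as appuser DB "$@"
run_as() {
    user=$1; prefix=$2; shift 2
    with_link_env "$prefix" sudo -E -u "$user" -- "$@"
}
```

Anything else root had exported, such as credentials passed with docker run -e, is not handed to the appuser process.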