JIYIK CN >

When developing an application, we usually have different users interacting with the system to perform different functions. These users have permissions that enable them to perform functions based on their roles.

请注意, some super users can perform all functions in the system because they have been assigned all roles in the system. Similarly, we can create users for Docker containers and set permissions for users to ensure that they can only perform specific tasks in the container.

These enhance the security of the container because we can restrict access to critical parts of the container to superusers, and also track which user was interacting with the system when a specific event occurred.

In this article, we will learn how to add users to a Docker container by implementing an Express application that returns an array of products.

Create a quick app

Open WebStorm IDEA and select File > New > Project. Select Node.js and change the project name in the Location section from Untitled to Product API.

You should already have the node runtime environment installed so the node interpreter and package manager sections can be automatically added from your computer. Press the button labeled "Create" to generate the project.

To install Express, open a new terminal window on WebStorm using the keyboard shortcut Alt+F12 and install the dependencies using the following npm command.

~/WebstormProjects/product-api$ npm install express

Create a file called index.js in the current folder and copy and paste the following code into the file.

const express = require('express')
const app = express()
const port = 3000

app.get('/', (req, res) => {
    res.json(
        [
            {
                name: 'Iphone 13 Pro',
                price: 1500.67
            },
            {
                name: 'Samsung Galaxy A53',
                price: 1300.56
            },
        ])
})

app.listen(port, () => {
    console.log(`Example app listening on port ${port}`)
})

In this file, we have created an Express application that returns an array of products when we make a GET request to / on the browser. Note that this application exposes port 3000, which helps us serve the application.

Create a Docker image of your application

Create a file named Dockerfile in the product-api folder and copy and paste the following code into the file.

FROM node:latest
RUN groupadd admin &&\
    useradd mary -g admin -s /bin/sh
WORKDIR /com/product
ADD package*.json ./
RUN npm install
ADD . .
USER mary
CMD node index.js

In this file, we node:latestcreated an image of our application using as the base image. The RUN instruction after the FROM instruction creates a group called admin and adds a user called mary to this group.

We use a backslash \ to continue the command to the next line. Note that the commands to create groups and users are all Linux commands, including groupaddand useradd.

Another important directive in this file is the USER directive, which sets the default user that will be used for the remainder of the session.

We can also set the default group, although this is optional. The Docker documentation provides detailed usage of the remaining instructions.

Build the image

To build the image, open a new terminal window using the keyboard shortcut Alt+F12 and then use the following command to create an image called product-api.

~/WebstormProjects/product-api$ docker build --tag product-api:latest .

This command executes the files named Dockerfile in order, starting with the first one, as shown in the terminal window below. The dot . at the end of the command shows the location of the Dockerfile file, which in this case is in the current folder.

 => [1/6] FROM docker.io/library/node:latest@sha256:bb3b9f1867edba6d8892758889e43b2f0205ebbd381969a2c45577d38281  95.4s
 => => resolve docker.io/library/node:latest@sha256:bb3b9f1867edba6d8892758889e43b2f0205ebbd381969a2c45577d38281a  0.1s
 => [2/6] RUN groupadd admin &&    useradd mary -g admin -s /bin/sh                                                6.3s
 => [3/6] WORKDIR /com/product                                                                                     0.9s
 => [4/6] ADD package*.json ./                                                                                     0.7s
 => [5/6] RUN npm install                                                                                          7.1s
 => [6/6] ADD . .

Running the container

After building the image, run a container named product-service from this image using the following command.

~/WebstormProjects/product-api$ docker run --name product-service -d -p 3030:3000 product-api:latest

This command runs a container that maps port 3000 to port 3030 on the local host because the container is being used locally.

Verify that the user has been created

To verify that the user has been created, use the following command, which allows us to execexecute commands from within a running container using the command.

~/WebstormProjects/product-api$ docker exec -it product-service /bin/sh

Since we specified WORKDIR as /com/product, the command runs in this directory. If we do not specify a directory, the command will run in the default directory.

This command executes an interactive Bash shell. We can use the Bash session to execute commands on the running container. Execute the following command on the running container to verify the user group as follows.

$ id mary

Output:

uid=1001(mary) gid=1001(admin) groups=1001(admin)

We have seen that the container has a user named mary, from a group called admin, allowing us to change permissions as needed.

Get data from the container

Open any browser and make a request to localhost:3030 (http://localhost:3030/) to verify that our application is working as expected. Make sure the request returns the products API that we created in the index.js file as shown below.

[
    {
    "name": "Iphone 13 Pro",
    "price": 1500.67
    },
    {
    "name": "Samsung Galaxy A53",
    "price": 1300.56
    }
]

Summarize

In this article, we have learned how to add users to a container using Dockerfile. We have also learned how to add users to a group, as users belong to a specific group in an organization.

请注意, there are different ways to achieve the same result, so feel free to use whichever method meets your requirements.