Can Nomad run containers as non-root user?

Right now, by default, Nomad launches the container as root (my Nomad process is also running as root). Is there a way to tell Nomad to launch containers as non-root? One way to do it is to change the user in my Dockerfile to non-root. I am looking for an equivalent of the `docker run --user user:group` option.

The docker driver does not support it, which appears to be an oversight! The other drivers use the task user configuration to set the system user, but the docker driver ignores this setting. I’ve created https://github.com/hashicorp/nomad/issues/6519 to track support for this setting. In the meantime, the workaround you suggested (setting it in a dockerfile) seems like the right approach. Thanks!

Use “gosu” (see GitHub) and do a root step-down from an entrypoint script. That's how we do it.

Nomad does actually support running docker contained processes as a non-root user, via the task > user configuration option. The issue above was resolved with a documentation update.

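As an added example (not from any of the replies above), here is a minimal job spec using the task-level `user` option with the docker driver, the equivalent of `docker run --user uid:gid`. The job, task and image names are assumptions for illustration.

```hcl
# Added example: run a Docker task under Nomad as an unprivileged uid/gid.
# Job name, task name, image and port are assumed values, not from the thread.
job "app" {
  datacenters = ["dc1"]
  type        = "service"

  group "app" {
    network {
      # Unprivileged users cannot bind ports below 1024, so the service
      # inside the image is assumed to listen on 8080.
      port "http" { to = 8080 }
    }

    task "app" {
      driver = "docker"

      # Task-level "user" is what the docker driver passes as the container
      # user (same effect as `docker run --user 65534:65534`). A numeric
      # uid:gid avoids depending on the name existing in the image's
      # /etc/passwd; a name such as "nobody" works only if the image has it.
      user = "65534:65534"

      config {
        image = "example.org/myorg/app:1.0" # assumed image
        ports = ["http"]
      }

      resources {
        cpu    = 100
        memory = 64
      }
    }
  }
}

# Check after deployment (run on a Nomad client/CLI host):
#   nomad alloc exec <alloc-id> id
# The container's main process should report uid=65534, not uid=0.
```

Files the process must write to (logs, cache, temp dirs) need to be writable by that uid in the image or mounted from the allocation directory, otherwise the task will fail at start-up rather than silently run as root.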