Managing users and permissions in a docker build

Hi there - can’t seem to find any info on how to add a user specification to a docker image built with nix. I’d like to add a custom user that will be used to run the container instead of root. Any hints very much appreciated!

edit: I missed this part of the manual :man_facepalming: : NixOS - Nixpkgs 21.05 manual

This does require runAsRoot which means I cannot build a layered image - is there some way to avoid this?

I’m not an expert on using Nix to produce Docker images, but the process is split into two operations, even with the standard Docker tools, i.e. first you create the new user so that you can configure the files to be owned by it, and then you have to configure the containers produced by this image to be run as that particular user by default.

The first setting can be done in a first layer of a multi layered image by using buildImage & shadowSetup then setting the runtime user by setting the corresponding entry into the config attr.

1 Like

indeed I ended up solving it by having a small initial image that does the user configuration and using that as the fromImage for the layered image build. It works quite well and self-optimizes by reusing tons of layers across my images.