linux - Use sudo inside Dockerfile (Alpine) - Stack Overflow (https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico?v=ec617d715196) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (Stack Overflow) (/opensearch.xml) (https://stackoverflow.com/questions/49225976/use-sudo-inside-dockerfile-alpine) (https://cdn.sstatic.net/Shared/stacks.css?v=d6a266655a25) (https://cdn.sstatic.net/Sites/stackoverflow/primary.css?v=ec52730b1ded) (Feed for question 'Use sudo inside Dockerfile (Alpine)') (/feeds/question/49225976) (https://cdn.sstatic.net/Shared/Channels/channels.css?v=5981bb1a5bd7)  (https://accounts.google.com/gsi/style)  (site logo) Join Stack Overflow    By clicking “Sign up”, you agree to our (/legal/terms-of-service/public) terms of service and acknowledge you have read our (/legal/privacy-policy) privacy policy .  (521fc0611cf2efc993bfc13d4c342af418a87e925d158cd4fb653a9e6ff0ea00) (1) (2.0)      Sign up with Google    Sign up with GitHub     OR (521fc0611cf2efc993bfc13d4c342af418a87e925d158cd4fb653a9e6ff0ea00) (1) () () () () () () Email   Password (8+ characters (at least 1 letter & 1 number))      Sign up      Already have an account? (/users/login) Log in         (521fc0611cf2efc993bfc13d4c342af418a87e925d158cd4fb653a9e6ff0ea00) ()     Skip to main content     (https://stackoverflow.com) Stack Overflow  (https://stackoverflow.co/) About  Products   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav-bar&utm_content=overflowai) OverflowAI    (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-for-teams) Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers   (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-advertising) Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-ai) OverflowAI GenAI features for Teams   (https://stackoverflow.co/api-solutions/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-api) OverflowAPI Train & fine-tune LLMs   (https://stackoverflow.co/labs/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=labs) Labs The future of collective knowledge sharing   (https://stackoverflow.co/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=about-the-company) About the company (https://stackoverflow.blog/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=blog) Visit the blog    (Search…) ()    Loading…          (https://stackoverflow.com) current community        (https://stackoverflow.com) (Stack Overflow)  Stack Overflow    (https://stackoverflow.com/help) help (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) chat     (https://meta.stackoverflow.com) (Meta Stack Overflow)  Meta Stack Overflow      your communities   (https://stackoverflow.com/users/signup?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f49225976%2fuse-sudo-inside-dockerfile-alpine) Sign up or (https://stackoverflow.com/users/login?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f49225976%2fuse-sudo-inside-dockerfile-alpine) log in to customize your list.   (https://stackexchange.com/sites) more stack exchange communities  (https://stackoverflow.blog) company blog      (Click to show search)     (https://stackoverflow.com/users/login?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f49225976%2fuse-sudo-inside-dockerfile-alpine) Log in  (https://stackoverflow.com/users/signup?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f49225976%2fuse-sudo-inside-dockerfile-alpine) Sign up      Let's set up your homepage Select a few topics you're interested in:   python javascript c# reactjs java android html flutter c++ node.js typescript css r php angular next.js spring-boot machine-learning sql excel ios azure docker  Or search from our full list:    (Search)        javascript  python  java  c#  php  android  html  jquery  c++  css  ios  sql  mysql  r  reactjs  node.js  arrays  c  asp.net  json  python-3.x  .net  ruby-on-rails  sql-server  swift  django  angular  objective-c  excel  pandas  angularjs  regex  typescript  ruby  linux  ajax  iphone  vba  xml  laravel  spring  asp.net-mvc  database  wordpress  string  flutter  postgresql  mongodb  wpf  windows  amazon-web-services  xcode  bash  git  oracle-database  spring-boot  dataframe  azure  firebase  list  multithreading  docker  vb.net  react-native  eclipse  algorithm  powershell  macos  visual-studio  numpy  image  forms  scala  function  vue.js  performance  twitter-bootstrap  selenium  winforms  kotlin  loops  express  dart  hibernate  sqlite  matlab  python-2.7  shell  rest  apache  entity-framework  android-studio  csv  maven  api  linq  qt  dictionary  unit-testing  asp.net-core  facebook  tensorflow  apache-spark  file  swing  class  unity-game-engine  sorting  date  authentication  go  symfony  t-sql  opencv  matplotlib  .htaccess  google-chrome  for-loop  datetime  codeigniter  http  perl  validation  sockets  google-maps  object  uitableview  xaml  oop  if-statement  visual-studio-code  cordova  ubuntu  web-services  email  android-layout  github  elasticsearch  spring-mvc  kubernetes  selenium-webdriver  ms-access  user-interface  parsing  ggplot2  pointers  machine-learning  google-sheets  c++11  security  flask  google-apps-script  ruby-on-rails-3  templates  nginx  variables  exception  sql-server-2008  gradle  debugging  tkinter  listview  delphi  jpa  asynchronous  pdf  web-scraping  haskell  jsp  ssl  amazon-s3  google-cloud-platform  jenkins  testing  xamarin  wcf  npm  batch-file  generics  ionic-framework  network-programming  unix  recursion  google-app-engine  mongoose  visual-studio-2010  .net-core  android-fragments  assembly  animation  next.js  math  session  svg  hadoop  intellij-idea  curl  django-models  join  rust  laravel-5  winapi  url  heroku  http-redirect  tomcat  google-cloud-firestore  inheritance  webpack  keras  image-processing  gcc  asp.net-mvc-4  logging  web  dom  swiftui  matrix  pyspark  actionscript-3  button  post  optimization  firebase-realtime-database  jquery-ui  iis  cocoa  xpath  d3.js  javafx  firefox  internet-explorer  xslt  caching  select  asp.net-mvc-3  opengl  events  asp.net-web-api  plot  dplyr  magento  encryption  search  stored-procedures  amazon-ec2  ruby-on-rails-4  memory  audio  canvas  multidimensional-array  jsf  random  vector  cookies  redux  facebook-graph-api  input  flash  xamarin.forms  indexing  arraylist  ipad  cocoa-touch  data-structures  video  apache-kafka  model-view-controller  serialization  jdbc  woocommerce  azure-devops  routes  razor  awk  servlets  mod-rewrite  beautifulsoup  docker-compose  excel-formula  filter  iframe  aws-lambda  design-patterns  text  django-rest-framework  visual-c++  cakephp  mobile  android-intent  react-hooks  struct  methods  groovy  mvvm  ssh  lambda  checkbox  google-chrome-extension  ecmascript-6  time  grails  installation  sharepoint  cmake  shiny  spring-security  jakarta-ee  android-recyclerview  plsql  core-data  types  meteor  android-activity  sed  websocket  bootstrap-4  activerecord  graph  replace  scikit-learn  file-upload  group-by  vim  junit  boost  deep-learning  import  sass  memory-management  error-handling  async-await  dynamic  eloquent  soap  silverlight  dependency-injection  charts  layout  apache-spark-sql  deployment  browser  gridview  svn  while-loop  google-bigquery  vuejs2  ffmpeg  dll  highcharts  view  foreach  plugins  makefile  c#-4.0  redis  reporting-services  jupyter-notebook  merge  server  unicode  https  reflection  google-maps-api-3  twitter  oauth-2.0  extjs  pytorch  axios  terminal  pip  split  cmd  mysqli  django-views  encoding  automation  database-design  netbeans  collections  hash  build  data-binding  ember.js  tcp  sqlalchemy  pdo  apache-flex  concurrency  entity-framework-core  command-line  spring-data-jpa  printing  react-redux  java-8  jestjs  service  html-table  lua  neo4j  ansible  material-ui  parameters  module  enums  visual-studio-2012  flexbox  promise  outlook  webview  firebase-authentication  web-applications  uwp  jquery-mobile  utf-8  datatable  python-requests  parallel-processing  drop-down-menu  colors  scroll  hive  scipy  tfs  count  syntax  ms-word  twitter-bootstrap-3  ssis  google-analytics  fonts  three.js  powerbi  rxjs  constructor  graphql  file-io  paypal  discord  cassandra  socket.io  graphics  compiler-errors  gwt  react-router  nlp  solr  url-rewriting  backbone.js  memory-leaks  datatables  oauth  datagridview  terraform  drupal  oracle11g  zend-framework  neural-network  knockout.js  triggers  django-forms  interface  google-api  angular-material  casting  jmeter  linked-list  path  proxy  timer  django-templates  arduino  orm  directory  visual-studio-2015  parse-platform  windows-phone-7  cron  push-notification  conditional-statements  primefaces  functional-programming  pagination  model  jar  xamarin.android  hyperlink  uiview  gitlab  visual-studio-2013  vbscript  google-cloud-functions  azure-active-directory  jwt  download  swift3  sql-server-2005  configuration  process  pygame  rspec  properties  combobox  callback  windows-phone-8  linux-kernel  safari  permissions  scrapy  raspberry-pi  scripting  emacs  clojure  x86  scope  io  compilation  mongodb-query  expo  responsive-design  nhibernate  angularjs-directive  request  azure-functions  bluetooth  3d  dns  binding  reference  architecture  discord.js  playframework  version-control  pyqt  doctrine-orm  package  get  pycharm  sql-server-2012  rubygems  f#  autocomplete  openssl  datepicker  kendo-ui  tree  jackson  controller  yii  nested  grep  xamarin.ios  static  dockerfile  statistics  transactions  datagrid  null  active-directory  uiviewcontroller  webforms  phpmyadmin  discord.py  notifications  sas  computer-vision  duplicates  mocking  youtube  nullpointerexception  yaml  menu  sum  bitmap  electron  asp.net-mvc-5  blazor  time-series  visual-studio-2008  yii2  jsf-2  css-selectors  stl  android-listview  floating-point  cryptography  ant  stream  hashmap  character-encoding  msbuild  sdk  asp.net-core-mvc  google-drive-api  selenium-chromedriver  jboss  joomla  cors  navigation  devise  anaconda  background  camera  multiprocessing  pyqt5  binary  cuda  frontend  linq-to-sql  iterator  mariadb  onclick  plotly  ios7  rabbitmq  android-jetpack-compose  android-asynctask  microsoft-graph-api  tabs  laravel-4  insert  uicollectionview  amazon-dynamodb  environment-variables  linker  console  xsd  coldfusion  upload  continuous-integration  ftp  textview  opengl-es  vuejs3  operating-system  mockito  localization  macros  formatting  xml-parsing  json.net  kivy  type-conversion  data.table  timestamp  calendar  integer  segmentation-fault  android-ndk  drag-and-drop  prolog  char  crash  jasmine  automated-tests  dependencies  geometry  android-gradle-plugin  firebase-cloud-messaging  itext  header  fortran  sprite-kit  mfc  attributes  nuxt.js  nosql  format  azure-pipelines  nestjs  odoo  db2  jquery-plugins  jenkins-pipeline  leaflet  event-handling  postman  flutter-layout  julia  annotations  keyboard  textbox  arm  visual-studio-2017  gulp  libgdx  stripe-payments  xampp  synchronization  crystal-reports  timezone  dom-events  azure-web-app-service  swagger  uikit  android-emulator  wso2  sequelize.js  namespaces  aggregation-framework  uiscrollview  jvm  google-sheets-formula  chart.js  com  subprocess  geolocation  webdriver  centos  html5-canvas  snowflake-cloud-data-platform  widget  garbage-collection  dialog  numbers  concatenation  sql-update  qml  set  windows-10  tuples  smtp  mapreduce  java-stream  ionic2  rotation  modal-dialog  spring-data  android-edittext  http-headers  doctrine  nuget  radio-button  grid  sonarqube  lucene  xmlhttprequest  internationalization  listbox  initialization  components  switch-statement  google-play  apache-camel  boolean  serial-port  ldap  ios5  youtube-api  return  gdb  latex  pivot  eclipse-plugin  tags  frameworks  containers  github-actions  dataset  asp-classic  label  foreign-keys  subquery  copy  uinavigationcontroller  c++17  delegates  google-cloud-storage  migration  struts2  base64  protractor  find  sql-server-2008-r2  queue  embedded  uibutton  arguments  composer-php  append  jaxb  zip  stack  cucumber  autolayout  ide  entity-framework-6  popup  iteration  airflow  windows-7  r-markdown  tailwind-css  ssl-certificate  vb6  gmail  hover  jqgrid  g++  udp         Next You’ll be prompted to create an account to view your personalized homepage.          (/)   Home    (/questions)   Questions    (/tags)    Tags     (/beta/discussions)   Discussions Labs     (https://chat.stackoverflow.com/?tab=all&sort=active)       Chat    (/users)   Users     (/jobs?source=so-left-nav)   Jobs    (https://stackoverflow.com/jobs/companies?so_medium=stackoverflow&so_source=SiteNav)   Companies    Collectives       Communities for your favorite technologies. (/collectives-all) Explore all Collectives     Teams () Ask questions, find answers and collaborate at work with Stack Overflow for Teams.  (https://stackoverflowteams.com/teams/create/free/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Try Teams for free (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Explore Teams   Teams      Ask questions, find answers and collaborate at work with Stack Overflow for Teams. (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams-compact) Explore Teams          Collectives™ on Stack Overflow Find centralized, trusted content and collaborate around the technologies you use most. (/collectives) Learn more about Collectives     Teams  Q&A for work Connect and share knowledge within a single location that is structured and easy to search. (https://stackoverflow.co/teams/) Learn more about Teams           (Illustration of upvote icon after it is clicked)   Hang on, you can't upvote just yet. You'll need to complete a few actions and gain 15 reputation points
        before being able to upvote. Upvoting indicates when questions and answers are useful. (https://stackoverflow.com/help/whats-reputation) What's reputation and how do I get it?  Instead, you can save this post to reference later.     Save this post for later Not now           (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (/questions/49225976/use-sudo-inside-dockerfile-alpine) Use sudo inside Dockerfile (Alpine)  (/questions/ask) Ask Question     (2018-03-11 22:51:54Z) Asked 7 years ago  Modified (?lastactivity) (2019-05-14 15:04:21Z) 5 years, 10 months ago  (Viewed 134,313 times) Viewed 134k times         This question shows research effort; it is useful and clear  (70:3:31e,16:638305c24f0ab4ad,10:1743026967,16:c69bd0255a7014f0,8:49225976,03f1c7e5e73b9ad0d8a8d700e5ca4ca167960e3af880f7200c38de2771a8c318) 38  (This question does not show any research effort; it is unclear or not useful)    (70:3:31e,16:5d1e4e29167fce63,10:1743026967,16:487bcf5234c8dc73,8:49225976,9d868fed0b9c7ff0785160d6af8b9d1e19e5806bbb4ab564800a983f5d1a0ba1)      Save this question.  (/posts/49225976/timeline)    Show activity on this post.    I have this Dockerfile ... FROM keymetrics/pm2:latest-alpine RUN apk update && \ apk upgrade && \ apk add \ bash COPY . ./ EXPOSE 1886  80 443 CMD pm2-docker start --auto-exit --env ${NODE_ENV} ecosystem.config.js   How can I execute the CMD command using sudo ? I need to do this because the port 443 is allowed only for sudo user.  (/questions/tagged/linux) (show questions tagged 'linux') linux  (/questions/tagged/docker) (show questions tagged 'docker') docker  (/questions/tagged/docker-compose) (show questions tagged 'docker-compose') docker-compose  (/questions/tagged/dockerfile) (show questions tagged 'dockerfile') dockerfile  (/questions/tagged/pm2) (show questions tagged 'pm2') pm2      (/q/49225976) (Short permalink to this question) Share  Share a link to this question     Copy link (https://creativecommons.org/licenses/by-sa/3.0/) (The current license for this post: CC BY-SA 3.0) CC BY-SA 3.0     Follow (70:3:31e,16:d7a6d6375da789f3,10:1743026967,16:5bc3818a10599635,8:49225976,36bfa8dc6813641fcf4263f1606eb1f1db4a234236697aec89ff1598d1bc0699)  Follow this question to receive notifications       asked (2018-03-11 22:51:54Z) Mar 11, 2018 at 22:51   (/users/491181/ridermansb) (ridermansb's user avatar)    (/users/491181/ridermansb) ridermansb ridermansb (reputation score 11,069) 11.1k (28 gold badges)  28  28 gold badges (121 silver badges)  121  121 silver badges (231 bronze badges)  231  231 bronze badges        11 (number of 'useful comment' votes received) 1   You are still root when CMD is executed. What makes you think that's not the case? Can you share the command line you used to start your container. – (/users/6269050/christophe-schmitz) (2,996 reputation) Christophe Schmitz  Commented (2018-03-12 00:01:48Z, License: CC BY-SA 3.0) Mar 12, 2018 at 0:01   (this comment was edited 1 time)        (number of 'useful comment' votes received) 2   Docker itself runs as root and a container will default to root unless you have a USER set in the image, which aren't in the base image or your Dockerfile. Can you explain a bit more about what you're trying to do and what is going wrong? Is there an error message? – (/users/1318694/matt) (74,999 reputation) Matt  Commented (2018-03-12 00:10:58Z, License: CC BY-SA 3.0) Mar 12, 2018 at 0:10        @ChristopheSchmitz I know that the CMD command is executed, my question is how to execute him with sudo  – (/users/491181/ridermansb) (11,069 reputation) ridermansb  Commented (2018-03-12 10:55:44Z, License: CC BY-SA 3.0) Mar 12, 2018 at 10:55        @Matt I need to execute pm2 command with sudo privileges because I need to run it with port 443.  Locally in my machine I can run pm2 with command sudo pm2 sart but to deploy my app I'm using docker and I need to run the pm2 command with sudo too – (/users/491181/ridermansb) (11,069 reputation) ridermansb  Commented (2018-03-12 10:57:03Z, License: CC BY-SA 3.0) Mar 12, 2018 at 10:57   (this comment was edited 1 time)          You are already root when CMD is executed. sudo won t help there. – (/users/6269050/christophe-schmitz) (2,996 reputation) Christophe Schmitz  Commented (2018-03-12 10:57:14Z, License: CC BY-SA 3.0) Mar 12, 2018 at 10:57        (Use comments to ask for more information or suggest improvements. Avoid answering questions in comments.)  |  (Expand to show all comments on this post) Show 6 more comments         2 Answers 2   Sorted by:  (/questions/49225976/use-sudo-inside-dockerfile-alpine?answertab=scoredesc#tab-top) Reset to default   (scoredesc) Highest score (default)  (trending) Trending (recent votes count more)  (modifieddesc) Date modified (newest first)  (createdasc) Date created (oldest first)            This answer is useful  (70:3:31e,16:dc98cd1f6409135a,10:1743026967,16:c95e7577b677757d,8:55277849,cd54897a41bb4106bff8d675dfa217f37d6da9e1122c93a0f6ad48c3267cf29a) 54  (This answer is not useful)    (70:3:31e,16:55acef5a194c7271,10:1743026967,16:6cab2bc6122f4bb7,8:55277849,9934c4751ac54591b70bb751b2275f733d2e951b35ebdd4529e707420a9e3ac7)      Save this answer.  (Loading when this answer was accepted…)     (/posts/55277849/timeline)    Show activity on this post.    The su-exec can be used in alpine.
Do add it the package, if not already available, add the following to your Dockerfile RUN apk add --no-cache su-exec   Inside your scripts you'd run inside docker you can use the following to become another user: exec su-exec <my-user> <my command>   Alternatively, you could add the more familiair sudo package while building your docker-file
Add the following to your Dockerfile that's FROM alpine RUN set -ex && apk --no-cache add sudo   After that you can use sudo sudo -u <my-user> <my command>     (/a/55277849) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     Follow (70:3:31e,16:a2bb27593cdc43e0,10:1743026967,16:a4475a29de9fae00,8:55277849,fee089a024f229eb2c357368622185db7c451f4e355173bc01556b1a8033f6b8)  Follow this answer to receive notifications       (/posts/55277849/revisions) (show all edits to this post) edited (2019-05-14 11:10:58Z) May 14, 2019 at 11:10         answered (2019-03-21 10:01:25Z) Mar 21, 2019 at 10:01   (/users/56280/gerbrand) (Gerbrand's user avatar)    (/users/56280/gerbrand) Gerbrand Gerbrand (reputation score) 1,633 (1 gold badge)  1  1 gold badge (13 silver badges)  13  13 silver badges (21 bronze badges)  21  21 bronze badges        1 (number of 'useful comment' votes received) 4   su-exec wasn't available in my alpine container. I had to modify its Dockerfile to include: RUN apk add --no-cache su-exec. sudo didn't help me as it was asking for the user's password which I didn't know. – (/users/674669/user674669) (12,442 reputation) user674669  Commented (2019-03-28 01:40:37Z, License: CC BY-SA 4.0) Mar 28, 2019 at 1:40   (this comment was edited 1 time)          (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)             This answer is useful  (70:3:31e,16:cf5c181d9170cafa,10:1743026967,16:20a3a8347a916f6e,8:56133498,fbbfe9b92b8e1eba9588ed524a6cdce5fde499b05cfe9567b612109fcec8b08f) 38  (This answer is not useful)    (70:3:31e,16:278f3ca038a152e5,10:1743026967,16:779a41ec042b9256,8:56133498,0b039db68add5658117f75cc31a6745485643a94f9abdead36fa93420815dd8e)      Save this answer.  (Loading when this answer was accepted…)     (/posts/56133498/timeline)    Show activity on this post.    Sudo isn't shipped with Alpine images normally, and it rarely makes sense to include it inside of any container. What you need isn't sudo to bind to a low numbered port, but the root user itself, and sudo is just a common way to get root access in multi-user environments. If a container included sudo, you would need to either setup the user with a password, or allow commands to run without a password. Regardless of which you chose, you now have a privilege escalation inside the container, defeating the purpose of running the container as a normal user, so you may as well run the container as root at that point. If the upstream image is configured to run as a non-root user (unlikely since you run apk commands during the build), you can specify USER root in your Dockerfile, and all following steps will run as root by default, including the container entrypoint/cmd. If you start your container as a different user, e.g. docker run -u 1000 your_image , then to run your command as root, you'd remove the -u 1000 option. This may be an issue if you run your container in higher security environments that restrict containers to run as non-root users. If your application itself is dropping the root privileges, then including sudo is unlikely not help, unless the application itself has calls to sudo internally. If that's the case, update the application to drop root privileges after binding to the ports. Most importantly, if the only reason for root inside your container is to bind to low numbered ports, then configure your application inside the container to bind to a high numbered port, e.g. 8080 and 8443. You can map this container port to any port on the host, including 80 and 443, so the outside world does not see any impact. E.g. docker run -p 80:8080 -p 443:8443 your_image . This simplifies your image (removing tools like sudo) and increases your security at the same time.   (/a/56133498) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     Follow (70:3:31e,16:72956071fef2de93,10:1743026967,16:70aad3e60a8b3a06,8:56133498,af980cb3e9da23e2c7bded02ce264418f65f2c52b7048c06f1e9aeeb51cc92e9)  Follow this answer to receive notifications       answered (2019-05-14 15:04:21Z) May 14, 2019 at 15:04   (/users/596285/bmitch) (BMitch's user avatar)    (/users/596285/bmitch) BMitch BMitch (reputation score 265,660) 266k (50 gold badges)  50  50 gold badges (542 silver badges)  542  542 silver badges (500 bronze badges)  500  500 bronze badges        4 (number of 'useful comment' votes received) 7   thank you !  sometimes what we are looking for is not what we actually need. This was the case for me and your explanation helped me a lot ! – (/users/7103406/tudoriftimie) (1,140 reputation) TudorIftimie  Commented (2019-08-26 10:35:23Z, License: CC BY-SA 4.0) Aug 26, 2019 at 10:35        Fantastic answer, I was not aware that higher number ports didn't require root privileges. – (/users/7032312/stephen-collins) (343 reputation) Stephen Collins  Commented (2020-05-17 16:33:38Z, License: CC BY-SA 4.0) May 17, 2020 at 16:33        My current issue is that running a container as root causes my mounts to become root which is not really want i want since the developers go mad if their vendor/ folder is suddenly root.  The only somewhat reasonable fix I found was to run the container as a user but nginx as root due to the way nginx works. – (/users/1885147/menno-van-leeuwen) (436 reputation) Menno van Leeuwen  Commented (2024-08-27 08:50:57Z, License: CC BY-SA 4.0) Aug 27, 2024 at 8:50        Nginx can drop permissions. And you can do the same for your app with tools like gosu. Going the other way is a false security, since the user has all the access as the root user with an added sudo in front of the command. You should also avoid running nginx and your app in the same container, logging and failure recovery are much more difficult. – (/users/596285/bmitch) (265,660 reputation) BMitch  Commented (2024-08-27 12:19:57Z, License: CC BY-SA 4.0) Aug 27, 2024 at 12:19        (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)       (49225976) (false) () Your Answer  (True)                                                    Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question . Provide details and share your research!  But avoid … Asking for help, clarification, or responding to other answers. Making statements based on opinion; back them up with references or personal experience.  To learn more, see our (/help/how-to-answer) tips on writing great answers .      Draft saved Draft discarded  (521fc0611cf2efc993bfc13d4c342af418a87e925d158cd4fb653a9e6ff0ea00)   Sign up or (/users/login?ssrc=question_page&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f49225976%2fuse-sudo-inside-dockerfile-alpine%23new-answer) log in       Sign up using Google     Sign up using Email and Password   (false) (false) Submit Post as a guest Name () ()    Email Required, but never shown   () ()       Post as a guest Name () ()     Email Required, but never shown   () ()       Post Your Answer  Discard  By clicking “Post Your Answer”, you agree to our (https://stackoverflow.com/legal/terms-of-service/public) terms of service and acknowledge you have read our (https://stackoverflow.com/legal/privacy-policy) privacy policy .(1)     Start asking to get answers Find the answer to your question by asking. (/questions/ask) Ask question   Explore related questions (/questions/tagged/linux) (show questions tagged 'linux') linux  (/questions/tagged/docker) (show questions tagged 'docker') docker  (/questions/tagged/docker-compose) (show questions tagged 'docker-compose') docker-compose  (/questions/tagged/dockerfile) (show questions tagged 'dockerfile') dockerfile  (/questions/tagged/pm2) (show questions tagged 'pm2') pm2    See similar questions with these tags.      The Overflow Blog      (https://stackoverflow.blog/2025/03/25/the-power-of-the-humble-embedding/?cb=1) “The power of the humble embedding”   Featured on Meta  (Meta Stack Exchange)   (https://meta.stackexchange.com/questions/407321/community-asks-sprint-announcement-march-2025?cb=1) Community Asks Sprint Announcement - March 2025   (Meta Stack Exchange)   (https://meta.stackexchange.com/questions/407547/experimenting-with-a-new-experiment-opt-out-option?cb=1) Experimenting with a new experiment opt-out option   (Meta Stack Overflow)   (https://meta.stackoverflow.com/questions/421831/policy-generative-ai-e-g-chatgpt-is-banned?cb=1) Policy: Generative AI (e.g., ChatGPT) is banned            Linked (https://stackoverflow.com/q/35068712?lq=1) (Question score (upvotes - downvotes)) 61  (https://stackoverflow.com/questions/35068712/error-listen-eacces-0-0-0-080-osx-node-js?noredirect=1&lq=1) Error: listen EACCES 0.0.0.0:80 OSx Node.js  (https://stackoverflow.com/q/54293935?lq=1) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/54293935/docker-file-owners-and-groups?noredirect=1&lq=1) Docker file owners and groups  (https://stackoverflow.com/q/51616323?lq=1) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/51616323/how-to-sudo-inside-alpine?noredirect=1&lq=1) How to sudo inside alpine?    Related (https://stackoverflow.com/q/25845538?rq=3) (Question score (upvotes - downvotes)) 524  (https://stackoverflow.com/questions/25845538/how-to-use-sudo-inside-a-docker-container?rq=3) How to use sudo inside a docker container?  (https://stackoverflow.com/q/52929058?rq=3) (Question score (upvotes - downvotes)) 3  (https://stackoverflow.com/questions/52929058/correct-method-to-create-user-in-alpine-docker-container-so-that-sudo-works-corr?rq=3) correct method to create user in alpine docker container so that sudo works correctly  (https://stackoverflow.com/q/54711502?rq=3) (Question score (upvotes - downvotes)) 7  (https://stackoverflow.com/questions/54711502/docker-compose-inside-alpine-container?rq=3) docker-compose inside Alpine container  (https://stackoverflow.com/q/55185898?rq=3) (Question score (upvotes - downvotes)) 2  (https://stackoverflow.com/questions/55185898/building-docker-image-as-non-root-user?rq=3) Building Docker image as non-root user  (https://stackoverflow.com/q/60699897?rq=3) (Question score (upvotes - downvotes)) 13  (https://stackoverflow.com/questions/60699897/how-to-make-non-root-user-as-sudo-user-in-docker-alpine-image?rq=3) how to make non root user as sudo user in docker alpine image?  (https://stackoverflow.com/q/60806756?rq=3) (Question score (upvotes - downvotes)) 13  (https://stackoverflow.com/questions/60806756/run-a-command-as-root-with-docker-compose?rq=3) Run a command as root with docker-compose?  (https://stackoverflow.com/q/61307568?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/61307568/docker-compose-cannot-recognize-sudoers-container-file?rq=3) docker-compose cannot recognize sudoers container file  (https://stackoverflow.com/q/62110513?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/62110513/dockerfile-and-docker-compose-with-node-alpine?rq=3) Dockerfile and docker compose with node alpine  (https://stackoverflow.com/q/69151752?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/69151752/how-to-run-sudo-commands-in-docker?rq=3) How to run sudo commands in Docker?  (https://stackoverflow.com/q/70959256?rq=3) (Question score (upvotes - downvotes)) 2  (https://stackoverflow.com/questions/70959256/how-to-use-apt-sudo-in-alpine-based-docker-image?rq=3) how to use apt/sudo in alpine-based docker image    (https://stackexchange.com/questions?tab=hot) Hot Network Questions   (Worldbuilding Stack Exchange)  (https://worldbuilding.stackexchange.com/questions/265542/water-cycle-without-sun-on-an-earth-like-planet) Water cycle without sun on an Earth-like planet?   (Mathematica Stack Exchange)  (https://mathematica.stackexchange.com/questions/311810/frame-of-discrete-curve) Frame of discrete curve   (Artificial Intelligence Stack Exchange)  (https://ai.stackexchange.com/questions/48293/relevance-of-genetic-algorithms-in-modern-research) Relevance of genetic algorithms in modern research   (English Language & Usage Stack Exchange)  (https://english.stackexchange.com/questions/630268/why-do-some-hymns-from-england-start-with-the-word-and) Why do some hymns from England start with the word "and"?   (Travel Stack Exchange)  (https://travel.stackexchange.com/questions/193910/how-do-i-check-in-for-an-air-new-zealand-operated-flight-if-it-was-booked-throug) How do I check in for an Air New Zealand operated flight if it was booked through Qantas?   (Physics Stack Exchange)  (https://physics.stackexchange.com/questions/846148/which-features-of-the-morris-thorne-wormhole-require-exotic-matter) Which features of the Morris-Thorne wormhole require exotic matter?   (Puzzling Stack Exchange)  (https://puzzling.stackexchange.com/questions/131112/is-it-possible-to-construct-a-sentence-where-any-of-theyre-their-there-coul) Is it possible to construct a sentence where any of they're / their / there could grammatically make sense?   (Skeptics Stack Exchange)  (https://skeptics.stackexchange.com/questions/57779/did-the-biden-administration-lose-almost-a-trillion-dollars-to-improper-payment) Did the Biden administration lose almost a trillion dollars to “improper payments”?   (Role-playing Games Stack Exchange)  (https://rpg.stackexchange.com/questions/215080/can-any-class-cast-spells-as-a-ritual) Can any class cast spells as a Ritual?   (Physics Stack Exchange)  (https://physics.stackexchange.com/questions/846023/does-the-relativity-of-simultaneity-imply-that-distant-clocks-jump-backward-when) Does the relativity of simultaneity imply that distant clocks jump backward when I change frames?   (Literature Stack Exchange)  (https://literature.stackexchange.com/questions/29007/is-egypt-a-popular-vacation-destination-in-ukraine) Is Egypt a popular vacation destination in Ukraine?   (Skeptics Stack Exchange)  (https://skeptics.stackexchange.com/questions/57787/did-the-al-jawf-region-see-snow-for-the-first-time-in-history-in-2024) Did the Al-Jawf region see snow for the first time in history in 2024?   (Mi Yodeya)  (https://judaism.stackexchange.com/questions/148463/how-were-asas-feet-like-gods) How were Asa's feet like God's?   (Matter Modeling Stack Exchange)  (https://mattermodeling.stackexchange.com/questions/14118/what-does-200-nanoseconds-of-simulation-mean) What does "200 nanoseconds of simulation" mean?   (Role-playing Games Stack Exchange)  (https://rpg.stackexchange.com/questions/215068/in-curse-of-strahd-could-the-players-leave-barovia-if-they-join-the-vistani) In Curse of Strahd, could the players leave Barovia if they join the Vistani?   (Law Stack Exchange)  (https://law.stackexchange.com/questions/108010/can-you-be-prosecuted-for-not-quitting-a-group-chat-where-you-are-invited-accide) Can you be prosecuted for not quitting a group chat where you are invited accidentally and you're aware of it?   (Science Fiction & Fantasy Stack Exchange)  (https://scifi.stackexchange.com/questions/295698/tiny-alien-extracted-from-a-human-host-that-makes-a-high-pitched-noise-causing-t) Tiny alien extracted from a human host that makes a high-pitched noise causing the scientists to collapse   (Writing Stack Exchange)  (https://writing.stackexchange.com/questions/71106/how-to-write-a-protagonist-like-joseph-k-from-the-trial-and-still-make-the-stor) How to write a protagonist like Joseph K from The Trial, and still make the story compelling?   (Bitcoin Stack Exchange)  (https://bitcoin.stackexchange.com/questions/125961/bech32-error-detection-and-correction-reference-implementation) Bech32 error detection and correction reference implementation   (Mi Yodeya)  (https://judaism.stackexchange.com/questions/148468/can-one-fulfill-%d7%a7%d7%a8%d7%99%d7%90%d7%aa-%d7%a9%d7%9e%d7%a2-with-a-conlang) Can one fulfill קריאת שמע with a conlang?   (Russian Language Stack Exchange)  (https://russian.stackexchange.com/questions/27736/why-does-the-song-%d1%83%d1%80%d0%b0%d0%bb%d1%8c%d1%81%d0%ba%d0%b0%d1%8f-%d1%80%d1%8f%d0%b1%d0%b8%d0%bd%d1%83%d1%88%d0%ba%d0%b0-mention-cranes-%d0%b6%d1%83%d1%80%d0%b0%d0%b2%d0%bb%d0%b8-in-its-rare-4th) Why does the song "уральская рябинушка" mention cranes (журавли) in its rare 4th verse?   (Space Exploration Stack Exchange)  (https://space.stackexchange.com/questions/68115/the-esa-euclid-and-webb-telescopes-both-occupy-l2-how-close-are-they) The ESA Euclid and Webb telescopes both occupy L2. How close are they?   (Role-playing Games Stack Exchange)  (https://rpg.stackexchange.com/questions/215048/how-can-i-use-a-conlang-in-my-games-in-a-way-that-will-actually-reward-player-ef) How can I use a conlang in my games in a way that will actually reward player effort?   (English Language Learners Stack Exchange)  (https://ell.stackexchange.com/questions/363526/is-my-offenders-the-right-term-for-people-who-have-wronged-me) Is "my offenders" the right term for people who have wronged me?     (/feeds/question/49225976) (Feed of this question and its answers)   Question feed   Subscribe to RSS  Question feed To subscribe to this RSS feed, copy and paste this URL into your RSS reader.   (https://stackoverflow.com/feeds/question/49225976)            ()   lang-yaml    (https://stackoverflow.com)      (https://stackoverflow.com) Stack Overflow  (/questions) Questions  (/help) Help  (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) Chat    (https://stackoverflow.co/) Products  (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=teams) Teams  (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=advertising) Advertising  (https://stackoverflow.co/advertising/employer-branding/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=talent) Talent    (https://stackoverflow.co/) Company  (https://stackoverflow.co/) About  (https://stackoverflow.co/company/press/) Press  (https://stackoverflow.co/company/work-here/) Work Here  (https://stackoverflow.com/legal) Legal  (https://stackoverflow.com/legal/privacy-policy) Privacy Policy  (https://stackoverflow.com/legal/terms-of-service/public) Terms of Service  (/contact) Contact Us  Your Privacy Choices     (https://stackoverflow.com/legal/cookie-policy) Cookie Policy    (https://stackexchange.com) Stack Exchange Network  (https://stackexchange.com/sites#technology) Technology   (https://stackexchange.com/sites#culturerecreation) Culture & recreation   (https://stackexchange.com/sites#lifearts) Life & arts   (https://stackexchange.com/sites#science) Science   (https://stackexchange.com/sites#professional) Professional   (https://stackexchange.com/sites#business) Business   (https://api.stackexchange.com/) API   (https://data.stackexchange.com/) Data       (https://stackoverflow.blog?blb=1) Blog  (https://www.facebook.com/officialstackoverflow/) Facebook  (https://twitter.com/stackoverflow) Twitter  (https://linkedin.com/company/stack-overflow) LinkedIn  (https://www.instagram.com/thestackoverflow) Instagram   Site design / logo © 2025 Stack Exchange Inc;  user contributions licensed under  (https://stackoverflow.com/help/licensing) CC BY-SA .  rev 2025.3.26.24455