Root password inside a Docker container

docker

I'm using a Docker image which was built using the USER command to use a non-root user called dev. Inside a container, I'm "dev", but I want to edit the /etc/hosts file.

So I need to be root. I'm trying the su command, but I'm asked to enter the root password.

What's the default root user's password inside a Docker container?

just exec as a root: docker exec -u 0 -it mycontainer bash. (see H6's answer)

H6.

You can log into the Docker container using the root user (ID = 0) instead of the provided default user when you use the -u option. E.g.

docker exec -u 0 -it mycontainer bash

root (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name. When passing a numeric ID, the user does not have to exist in the container.

from Docker documentation

Update: Of course you can also use the Docker management command for containers to run this:

docker container exec -u 0 -it mycontainer bash

It would be nice to specify that you need mycontainer up and running at the moment when you type the above commad. it works using 2 different terminals: one for mycontainer and the other for this command. Otherwise It requires that mycontainer is running as detached.

for images, use docker run -u 0 -it mycontainer bash

this is the answer that should be on top

@High6, when you say "You can log into the Docker Image...", I think you mean "You can log into the Docker Container".

Is this always possible? Or can this be blocked?

evandrix

Eventually, I decided to rebuild my Docker images, so that I change the root password by something I will know.

RUN echo 'root:Docker!' | chpasswd

RUN echo 'Docker!' | passwd --stdin root

I tried this but it does not work on my CentOS 6 based docker. Does this command work on CentOS based docker?

Why doesn't it ask for the password twice?

Muralidharan.rade

There are a couple of ways to do it.

To run the Docker overriding the USER setting docker exec -u 0 -it containerName bash

docker exec -u root -it --workdir / <containerName> bash

Make necessary file permissions, etc., during the image build in the Docker file If all the packages are available in your Linux image, chpasswdin the dockerfile before the USER utility.

For complete reference: http://muralitechblog.com/root-password-of-a-docker-container/

Proximo

To create/change a root password in a running container

docker exec -itu 0 {container} passwd

You save my bacon

This one should be an accepted answer!

The others are close, but this one actually has the meat.

Peter Mortensen

I am able to get it working with the below command.

root@gitnew:# docker exec -it --user $(username) $(containername) /bin/bash

tgogos

docker exec -u 0 -it containername bash

Richard Corfield

I had exactly this problem of not being able to su to root because I was running in the container as an unprivileged user.

But I didn't want to rebuild a new image as the previous answers suggest.

Instead I have found that I could access the container as root using 'nsenter', see: https://github.com/jpetazzo/nsenter

First determine the PID of your container on the host:

docker inspect --format {{.State.Pid}} <container_name_or_ID>

Then use nsenter to enter the container as root

nsenter --target <PID> --mount --uts --ipc --net --pid

Using boot2docker, I had to use sudo nsenter --target <PID> --mount --uts --ipc --net --pid

Yes, good point. You generally need root permissions to execute docker commands and I guess nsenter is the same. I didn't make this totally clear in my answer.

Since this answer was written, docker has added the command exec to do basically the same thing as nsenter, but easier and cleaner. Just a data point for those who now find this question through search. The command is "docker exec -it " (command is usually /bin/bash, but you can of course do whatever you want).

Also, docker has special treatment for hosts (and resolv.conf). You should not manually edit them; docker recreates /etc/hosts on every start to reflect linked containers and the like.

DimiDak

Get a shell of your running container and change the root pass.

docker exec -u 0 -it <MyContainer> bash

root@MyContainer:/# passwd
Enter new UNIX password: 
Retype new UNIX password:

How can the OP change the password when they don't know what it is?

@MEMark if you are root you are not asked about current password...

user1853859

The password is 'ubuntu' for the 'ubuntu' user (at least in docker for ubuntu :14.04.03).

NB: 'ubuntu' is created after the startup of the container so, if you just do this:

 docker run -i -t --entrypoint /bin/bash  ubuntu

You'll get the root prompt directly. From there you can force the password change of root, commit the container and optionally tag it (with -f) to ubuntu:latest like this:

root@ec384466fbbb:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@ec384466fbbb:~# exit

% docker commit ec3844
5d3c03e7d6d861ce519fe33b184cd477b8ad03247ffe19b2a57d3f0992d71bca

docker tag -f 5d3c ubuntu:latest

You must rebuild your eventual dependencies on ubuntu:latest.

Charith Jayasanka

You can SSH in to docker container as root by using

docker exec -it --user root <container_id> /bin/bash

Then change root password using this

passwd root

Make sure sudo is installed check by entering

sudo

if it is not installed install it

apt-get install sudo

If you want to give sudo permissions for user dev you can add user dev to sudo group

usermod -aG sudo dev

Now you'll be able to run sudo level commands from your dev user while inside the container or else you can switch to root inside the container by using the password you set earlier.

To test it login as user dev and list the contents of root directory which is normally only accessible to the root user.

sudo ls -la /root

Enter password for dev

If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.

Adrian Mouat

I'd suggest a better solution is to give the --add-host NAME:IP argument to docker run when starting the container. That will update the /etc/hosts/ file without any need to become root.

Otherwise, you can override the the USER setting by giving the -u USER flag to docker run. I would advise against this however, as you shouldn't really be changing things in a running container. Instead, make your changes in a Dockerfile and build a new image.

I need to add entries in the hosts file while the container is running.

I also need to install new package, but I can't as I'm not root.

You can use the -u flag to change user. I don't think you can do it from inside the container.

Peter Mortensen

You can use the USER root command in your Dockerfile.

JohnBabrick

When you start the container, you will be root but you won't know what root's pw is. To set it to something you know simply use "passwd root". Snapshot/commit the container to save your actions.

Abhishek D K

try the following command to get the root access

$ sudo -i

This is unlikely to work unless you have the account in the container setup with sudo access. This would be an unusual situation and break the point of having a non-root user running the container.

Anyone know the DEFAULT su password for Docker install? I tried to run elevation and there IS one set.

This worked in WSL2 after exporting the docker image and importing into WSL2. From there, just do passwd to set the password for root. Exit back to non-root user and try sudo su or su. It will now work.

Mithilesh Tipkari

By default docker containers run as the root user.

If you are still using the container you can use exit command to get back to root (default user) user instead of running the container again.

Example -

[dev@6c4c86bccf93 ~]$ ls
[dev@6c4c86bccf93 ~]$ other-commands..
[dev@6c4c86bccf93 ~]$ exit
[root@6c4c86bccf93 /]# ls

greatvovan

In some cases you need to be able to do things like that under a user with sudo (e.g. the application running in the container provides a shell to users). Simply add this into you Dockerfile:

RUN apt-get update         # If necessary
RUN apt-get install sudo   # If your base image does not contain sudo.
RUN useradd -m -N -s /bin/bash -u 1000 -p '$1$miTOHCYy$K.c4Yw.edukWJ7z9rbpTZ0' user && \
    usermod -aG sudo user  # Grant sudo to the user
USER user

Now under the default image user user you will be able to sudo with the password set on line 3.

See how to generate password hash for useradd here or here.

Tihamer

Some of the answers above were good, especially those like:

docker exec -u root -it CONTAINERID /bin/bash

where you get your CONTAINERID from the first column of the answer to:

docker ps

This makes you root, and you can do anything you want. But only if the command exists in your container. In order to do something as simple as changing the root password (as many people above have suggested), I had to turn off my VPN and do:

yum install -y passwd

While I was there, I installed vim and sudo in case I needed it in the future.

Just a note: passwd won't let you get away with easy passwords.

Joel J

Setting a fixed root password in a docker container can compromise systems, and so shouldn't be used. Instead you might use:

 docker exec -itu 0 CONTAINER_ID bash

whenever you want root access to the container, while the container is up and running.

The above command assumes you want to run bash as your shell. I don't use MS Windows, but I'd guess that you might try CMD or CMD.EXE instead of bash if you're on a MS Windows machine.

Root password inside a Docker container

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Links

Contact US