{"id":15395423,"url":"https://github.com/creemama/run-non-root","last_synced_at":"2025-04-16T00:12:32.048Z","repository":{"id":66939117,"uuid":"145063212","full_name":"creemama/run-non-root","owner":"creemama","description":"Run Linux commands as a non-root user, creating a non-root user if necessary.","archived":false,"fork":false,"pushed_at":"2019-03-06T22:14:47.000Z","size":112,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-16T00:12:06.493Z","etag":null,"topics":["docker","linux","non-root","root","shell","shell-scripts"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/creemama.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-17T02:43:49.000Z","updated_at":"2024-09-26T07:38:23.000Z","dependencies_parsed_at":"2023-09-02T23:22:02.722Z","dependency_job_id":null,"html_url":"https://github.com/creemama/run-non-root","commit_stats":{"total_commits":99,"total_committers":1,"mean_commits":99.0,"dds":0.0,"last_synced_commit":"b60983b4195a9868c1184753f338d0061ec1cf84"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/creemama%2Frun-non-root","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/creemama%2Frun-non-root/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/creemama%2Frun-non-root/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/creemama%2Frun-non-root/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/creemama","download_url":"https://codeload.github.com/creemama/run-non-root/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249173085,"owners_count":21224483,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","linux","non-root","root","shell","shell-scripts"],"created_at":"2024-10-01T15:28:16.301Z","updated_at":"2025-04-16T00:12:32.031Z","avatar_url":"https://github.com/creemama.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# run-non-root\n\n\u003e Run Linux commands as a non-root user, creating a non-root user if necessary.\n\n\u003cp\u003e\n \u003ca href=\"https://travis-ci.org/creemama/run-non-root\"\u003e\u003cimg alt=\"Travis CI Build Status\" src=\"https://img.shields.io/travis/creemama/run-non-root/master.svg?style=flat-square\u0026label=Travis+CI\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nThis allows us to\n\n[**run Docker containers with a non-root user by default**](https://github.com/creemama/docker-run-non-root)\n\nwithout having to specify a `USER` with hardcoded UIDs and GIDs in our Dockerfiles.\n\n```\nUsage:\n run-non-root [options] [--] [COMMAND] [ARGS...]\n\nRun Linux commands as a non-root user, creating a non-root user if necessary.\n\nOptions:\n -c, --chown Colon-separated list of files and directories to run\n \"chown USERNAME:GID\" on before executing the\n command; you can use this option multiple times\n instead of using a colon-separated list; run-non-root\n ignores this option if you are already running as a\n non-root user; unlike -p this option is non-recursive.\n -d, --debug   Output debug information; using --quiet does not\n silence debug output. Double up (-dd) for more output.\n -f, --group GROUP_NAME The group name to use when executing the command; the\n default group name is USERNAME or nonroot; this\n option is ignored if we are already running as a\n non-root user or if the GID already exists; this\n option overrides the RUN_NON_ROOT_GROUP environment\n variable.\n -g, --gid GID The group ID to use when executing the command; the\n default GID is UID or a new ID determined by\n groupadd; this option is ignored if we are already\n running as a non-root user; this option overrides the\n RUN_NON_ROOT_GID environment variable.\n -h, --help Output this help message and exit.\n -i, --init Run an init (the tini command) that forwards signals\n and reaps processes; this matches the docker run\n option --init.\n -p, --path Colon-separated list of directories to run\n \"chown -R USERNAME:GID\" on before executing the\n command; you can use this option multiple times\n instead of using a colon-separated list; if a\n directory does not exist, run-non-root attempts to\n create it; run-non-root ignores this option if you\n are already running as a non-root user; unlike -c\n this option is recursive.\n -q, --quiet Do not output \"Running ( COMMAND ) as USER_INFO ...\"\n or warnings; this option does not silence --debug\n output.\n -t, --user USERNAME The username to use when executing the command; the\n default is nonroot; this option is ignored if we are\n already running as a non-root user or if the UID\n already exists; this option overrides the\n RUN_NON_ROOT_USER environment variable.\n -u, --uid UID The user ID to use when executing the command; the\n default UID is GID or a new ID determined by\n useraddd; this option is ignored if we are already\n running as a non-root user; this option overrides the\n RUN_NON_ROOT_UID environment variable.\n -v, --version Ouput the version number of run-non-root.\n\nEnvironment Variables:\n RUN_NON_ROOT_COMMAND The command to execute if a command is not given; the\n default is bash; if bash does not exist, the default\n is sh.\n RUN_NON_ROOT_GID The group ID to use when executing the command; see\n the --gid option for more info.\n RUN_NON_ROOT_GROUP The group name to use when executing the command; see\n the --group option for more info.\n RUN_NON_ROOT_UID The user ID to use when executing the command; see\n the --uid option for more info.\n RUN_NON_ROOT_USER The username to use when executing the command; see\n the --user option for more info.\n\nExamples:\n # Run bash or sh as a non-root user.\n run-non-root\n\n # Run id as a non-root user.\n run-non-root -- id\n\n # Run id as a non-root user using options and the given user specification.\n run-non-root -f ec2-user -g 1000 -t ec2-user -u 1000 -- id\n\n # Run id as a non-root user using environment variables\n # and the given user specification.\n export RUN_NON_ROOT_GID=1000\n export RUN_NON_ROOT_GROUP=ec2-user\n export RUN_NON_ROOT_UID=1000\n export RUN_NON_ROOT_USER=ec2-user\n run-non-root -- id\n```\n\n## Installation\n\nUse the following commands to install or upgrade `run-non-root`:\n\n```sh\nwget -O /usr/local/bin/run-non-root https://raw.githubusercontent.com/creemama/run-non-root/master/run-non-root.sh\n# curl -L https://raw.githubusercontent.com/creemama/run-non-root/master/run-non-root.sh -o /usr/local/bin/run-non-root\nchmod +x /usr/local/bin/run-non-root\n```\n\n## Docker and `run-non-root`\n\nFor more information about using `run-non-root` with Docker, see [docker-run-non-root](https://github.com/creemama/docker-run-non-root).\n\n## Thank you, `su-exec`\n\nWe use [`su-exec`](https://github.com/ncopa/su-exec/tree/dddd1567b7c76365e1e0aac561287975020a8fad) to execute commands so that the command given to `run-non-root` does not run as a child of `run-non-root`; the command [replaces](https://linux.die.net/man/3/exec) `run-non-root`.\n\nConsider the following examples using the command:\n```sh\n$ docker run -it --rm creemama/run-non-root:latest --quiet -- ps aux\n```\n\nIf we changed `run-non-root` to use `su`, the output would be:\n```\nPID USER TIME COMMAND\n 1 root 0:00 {run-non-root} /bin/sh /usr/local/bin/run-non-root --quiet -- ps aux\n 17 root 0:00 su -c ps aux nonroot\n 18 nonroot 0:00 ps aux\n```\n\nIf we changed `run-non-root` to use `exec su`, the output would be:\n```\nPID USER TIME COMMAND\n 1 root 0:00 su -c ps aux nonroot\n 17 nonroot 0:00 ps aux\n```\n\nIf we use `exec su-exec` (the current way `run-non-root` executes commands), the output is:\n```\nPID USER TIME COMMAND\n 1 nonroot 0:00 ps aux\n```\n\nWe use `su-exec` over [`gosu`](https://github.com/tianon/gosu) since `su-exec` does more or less exactly the same thing as `gosu`, but it is only 10 kilobytes instead of 1.8 megabytes; in fact, `gosu` recommends using `su-exec` over itself in its [installation instructions for Alpine Linux](https://github.com/tianon/gosu/blob/caa402be6661f65c93d63bc205bc36ce055558bf/INSTALL.md).\n\n## `tini`\n\nUse the `--init` option to use [`tini`](https://github.com/krallin/tini) with `run-non-root`. `tini` handles zombie reaping and signal forwarding.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcreemama%2Frun-non-root","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcreemama%2Frun-non-root","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcreemama%2Frun-non-root/lists"}