moby: exec doesn't default to user specified in image anymore

In Docker <= 1.6.2, using docker exec defaults to the user specified in the image via USER.

In Docker 1.7.0, it defaults to root. Is this intended or a bug?

docker info:

Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirperm1 Supported: true
Execution Driver: native-0.2
Kernel Version: 3.16.0-37-generic
Operating System: Ubuntu 14.10

1.6.2 docker version:

Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.4.2
Git commit (client): 7c8fca2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.4.2
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64

1.7.0 docker version:

Client version: 1.7.0
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 0baf609
OS/Arch (client): linux/amd64
Server version: 1.7.0
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 0baf609
OS/Arch (server): linux/amd64

Dockerfile:

FROM ubuntu:14.04
RUN   useradd -m -s /bin/bash default
USER  default

Steps to reproduce:

docker exec -it <container> bash

About this issue

Original URL
State: closed
Created 9 years ago
Comments: 15 (7 by maintainers)

Most upvoted comments

The new manpages say this about the “–user” flag:

       -u, --user=""
          Sets the username or UID used and optionally the groupname or GID for the specified command.

       The followings examples are all valid:
          --user [user | user:group | uid | uid:gid | user:gid | uid:group ]

       Without this argument the command will be run as root in the container.

So this seems to be intentional, but I’m not sure if whoever made this decision thought about the consequences (specifically, scripts currently using ‘docker exec’ that are now broken because they assumed it would respect the container’s USER property by default).

asazernik on Jun 25, 2015