Docker container as non-root, any caveat?

Is there any caveat to creating and using a non-root user in a TensorRT Docker container?

For example, will it be problematic with already installed pip packages?

Here is how I may create the user in the Dockerfile:

ARG USERNAME="user"
ARG USER_UID=1000
ARG USER_GID=$USER_UID
RUN groupadd $USERNAME --gid=$USER_GID \
    && useradd $USERNAME --gid=$USER_GID --uid=$USER_UID --shell=/bin/bash --create-home \
    && apt-get update \
    && apt-get install -y sudo \
    && echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${USERNAME}" \
    && chmod 0440 "/etc/sudoers.d/${USERNAME}"

Also, is it still necessary to add the user to the group video?

Hi @jetsonfan,
We haven't tried this, but if you already have and are facing issues, please share them with us;
in the meantime I will check on the feasibility.

Thanks

It apparently works, but as I use it for development, I'm never sure if any issue I have is due to this.

The thing I don't like is that using a container for development for the Jetson is all in root; then, for a deployment with maximal performance on the Jetson, I plan to not use a container anymore, and everything is subtly different because on the Jetson, like any system, we are not root by default.

The problem is that those containers are all made for being root in them, and I haven't found any documentation saying that making a user in them is reliable.

Hi @jetsonfan,
I would recommend that you please tag this issue to the Jetson forum to get better assistance.

Thanks

Jetson was an example.

Many other deployments would be the same. Imagine you have to tell your client “sorry, you have to launch our software in root because we developed everything in root and we have no time anymore to struggle with the subtle differences it may introduce”.

Also, doing a shared directory is annoying because any file created in the container will be owned by root and all permissions need to be changed each time.
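
A preflight check for the two concerns raised in this thread (already installed pip packages and root-owned files in a shared directory), as an added example that is not part of the original posts. It is meant to be run inside the container as the non-root user; the `/workspace` bind-mount path and all function names are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for a non-root user inside a container.
# The default share path (/workspace) is an assumption; pass your own.

# Print every entry under DIR whose owner is not UID, e.g. root-owned
# files left in a bind-mounted directory by an earlier root session.
foreign_owned() {
    find "$1" ! -uid "$2" -print 2>/dev/null
}

# Number of entries reported by foreign_owned DIR UID.
count_foreign_owned() {
    foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Succeed only if DIR exists and the current user may create files in it.
can_write_dir() {
    [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ]
}

# List each system site-packages directory with its write status.
# "read-only" means pip must install with --user or into a virtualenv.
check_site_packages() {
    python3 -c 'import site; print("\n".join(site.getsitepackages()))' \
        2>/dev/null |
    while IFS= read -r sp_dir; do
        if can_write_dir "$sp_dir"; then
            echo "writable   $sp_dir"
        else
            echo "read-only  $sp_dir"
        fi
    done
}

# Summarise identity, group membership, share ownership and pip paths.
preflight() {
    pf_share=${1:-/workspace}
    pf_uid=$(id -u)
    echo "uid=$pf_uid gid=$(id -g) groups=$(id -Gn)"
    echo "not owned by uid $pf_uid under $pf_share:" \
         "$(count_foreign_owned "$pf_share" "$pf_uid")"
    check_site_packages
}

preflight "$@"
```

A non-zero count for the shared directory means files there were created under a different UID than the one the container is running as, and the `groups=` field shows whether the user is in a given group.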