2025-07-14 18:00:58 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < meta name = description content = "Welcome to the home of the LinuxServer.io documentation!" > < meta name = author content = LinuxServer.io > < link href = https://docs.linuxserver.io/misc/non-root/ rel = canonical > < link href = ../finances/ rel = prev > < link href = ../read-only/ rel = next > < link rel = icon href = ../../assets/favicon.ico > < meta name = generator content = "mkdocs-1.6.1, mkdocs-material-9.5.50" > < title > Running Containers As A Non-Root User - LinuxServer.io< / title > < link rel = stylesheet href = ../../assets/stylesheets/main.a40c8224.min.css > < link rel = stylesheet href = ../../assets/stylesheets/palette.06af60db.min.css > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" > < style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style > < link rel = stylesheet href = ../../stylesheets/extra.css > < link rel = stylesheet href = ../../assets/stylesheets/mkdocs_d2_plugin.css > < script > _ _md _scope = new URL ( "../.." , location ) , _ _md _hash = e => [ ... e ] . reduce ( ( ( e , _ ) => ( e << 5 ) - e + _ . charCodeAt ( 0 ) ) , 0 ) , _ _md _get = ( e , _ = localStorage , t = _ _md _scope ) => JSON . parse ( _ . getItem ( t . pathname + "." + e ) ) , _ _md _set = ( e , _ , t = localStorage , a = _ _md _scope ) => { try { t . setItem ( a . pathname + "." + e , JSON . stringify ( _ ) ) } catch ( e ) { } } < / script > < / head > < body dir = ltr data-md-color-scheme = default data-md-color-primary = purple data-md-color-accent = indigo > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #running-containers-as-a-non-root-user class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = md-header data-md-component = header > < nav class = "md-header__inner md-grid" aria-label = Header > < a href = ../.. title = LinuxServer.io class = "md-header__button md-logo" aria-label = LinuxServer.io data-md-component = logo > < img src = ../../assets/icon.svg alt = logo > < / a > < label class = "md-header__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z" / > < / svg > < / label > < div class = md-header__title data-md-component = header-title > < div class = md-header__ellipsis > < div class = md-header__topic > < span class = md-ellipsis > LinuxServer.io < / span > < / div > < div class = md-header__topic data-md-component = header-topic > < span class = md-ellipsis > Running Containers As A Non-Root User < / span > < / div > < / div > < / div > < form class = md-header__option data-md-component = palette > < input class = md-option data-md-color-media = "(prefers-color-scheme: light)" data-md-color-scheme = default data-md-color-primary = purple data-md-color-accent = indigo aria-label = "Switch to dark mode" type = radio name = __palette id = __palette_0 > < label class = "md-header__button md-icon" title = "Switch to dark mode" for = __palette_1 hidden > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z" / > < / svg > < / label > < input class = md-option data-md-color-media = "(prefers-color-scheme: dark)" data-md-color-scheme = slate data-md-color-primary = purple data-md-color-accent = indigo aria-label = "Switch to light mode" type = radio name = __palette id = __palette_1 > < label class = "md-header__button md-icon" title = "Switch to light mode" for = __palette_0 hidden > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z" / > < / svg > < / label > < / form > < script > v a r p a l e t t e = _ _ m d _ g e t ( " _ _ p a l e t t e " ) ;
2024-12-12 19:02:09 +00:00
< / span > < span id = __span-0-2 > < a id = __codelineno-0-2 name = __codelineno-0-2 href = #__codelineno-0-2 > < / a > < span class = w > < / span > < span class = nt > somecontainer< / span > < span class = p > :< / span >
< / span > < span id = __span-0-3 > < a id = __codelineno-0-3 name = __codelineno-0-3 href = #__codelineno-0-3 > < / a > < span class = w > < / span > < span class = nt > image< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > someimage< / span >
< / span > < span id = __span-0-4 > < a id = __codelineno-0-4 name = __codelineno-0-4 href = #__codelineno-0-4 > < / a > < span class = w > < / span > < span class = nt > user< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > < uid> :< gid> < / span >
2024-12-19 19:29:29 +00:00
< / span > < / code > < / pre > < / div > < p > Will run the container as that user, and that cannot then be changed without recreating it. It's never quite that simple, however.< / p > < p > Our images use s6 as a supervisor and that needs to be able to write its service files to < code > /run< / code > ; many applications expect to be able to write to their working directory, changing UIDs and GIDs requires writing to < code > /etc/passwd< / code > & < code > /etc/group< / code > , installing new packages requires writing to numerous locations, and mods need to be extracted to the container filesystem. In short, there are some heavy limitations around operation of our images with a non-root user:< / p > < ul > < li > The PUID & PGID variables will not have any effect, the container will instead run applications with the UID & GID of the user you have specified via the < code > --user< / code > parameter< / li > < li > You will need to manually manage the permissions of any mounted volumes or paths< / li > < li > Docker Mods will not be run< / li > < li > Custom Services will not be run< / li > < li > Custom Scripts will be limited in their functionality< / li > < li > You cannot set < code > no-new-privileges=true< / code > as it will prevent s6 from being able to start the init process< / li > < / ul > < p > For all of these reasons, we recommend you < em > do not< / em > switch existing container instances to run with a non-root user without careful testing.< / p > < p > For example:< / p > < div class = "language-yaml highlight" > < pre > < span > < / span > < code > < span id = __span-1-1 > < a id = __codelineno-1-1 name = __codelineno-1-1 href = #__codelineno-1-1 > < / a > < span class = nt > services< / span > < span class = p > :< / span >
2024-12-12 19:02:09 +00:00
< / span > < span id = __span-1-2 > < a id = __codelineno-1-2 name = __codelineno-1-2 href = #__codelineno-1-2 > < / a > < span class = w > < / span > < span class = nt > sonarr< / span > < span class = p > :< / span >
< / span > < span id = __span-1-3 > < a id = __codelineno-1-3 name = __codelineno-1-3 href = #__codelineno-1-3 > < / a > < span class = w > < / span > < span class = nt > image< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > lscr.io/linuxserver/radarr:latest< / span >
< / span > < span id = __span-1-4 > < a id = __codelineno-1-4 name = __codelineno-1-4 href = #__codelineno-1-4 > < / a > < span class = w > < / span > < span class = nt > container_name< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > radarr< / span >
< / span > < span id = __span-1-5 > < a id = __codelineno-1-5 name = __codelineno-1-5 href = #__codelineno-1-5 > < / a > < span class = w > < / span > < span class = nt > environment< / span > < span class = p > :< / span >
< / span > < span id = __span-1-6 > < a id = __codelineno-1-6 name = __codelineno-1-6 href = #__codelineno-1-6 > < / a > < span class = w > < / span > < span class = "p p-Indicator" > -< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > TZ=Europe/London< / span >
< / span > < span id = __span-1-7 > < a id = __codelineno-1-7 name = __codelineno-1-7 href = #__codelineno-1-7 > < / a > < span class = w > < / span > < span class = nt > volumes< / span > < span class = p > :< / span >
< / span > < span id = __span-1-8 > < a id = __codelineno-1-8 name = __codelineno-1-8 href = #__codelineno-1-8 > < / a > < span class = w > < / span > < span class = "p p-Indicator" > -< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > /path/to/radarr/data:/config< / span >
< / span > < span id = __span-1-9 > < a id = __codelineno-1-9 name = __codelineno-1-9 href = #__codelineno-1-9 > < / a > < span class = w > < / span > < span class = "p p-Indicator" > -< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > /path/to/movies:/movies< / span >
< / span > < span id = __span-1-10 > < a id = __codelineno-1-10 name = __codelineno-1-10 href = #__codelineno-1-10 > < / a > < span class = w > < / span > < span class = "p p-Indicator" > -< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > /path/to/downloadclient-downloads:/downloads< / span >
< / span > < span id = __span-1-11 > < a id = __codelineno-1-11 name = __codelineno-1-11 href = #__codelineno-1-11 > < / a > < span class = w > < / span > < span class = nt > ports< / span > < span class = p > :< / span >
< / span > < span id = __span-1-12 > < a id = __codelineno-1-12 name = __codelineno-1-12 href = #__codelineno-1-12 > < / a > < span class = w > < / span > < span class = "p p-Indicator" > -< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > 7878:7878< / span >
< / span > < span id = __span-1-13 > < a id = __codelineno-1-13 name = __codelineno-1-13 href = #__codelineno-1-13 > < / a > < span class = w > < / span > < span class = nt > restart< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > unless-stopped< / span >
< / span > < span id = __span-1-14 > < a id = __codelineno-1-14 name = __codelineno-1-14 href = #__codelineno-1-14 > < / a > < span class = w > < / span > < span class = nt > user< / span > < span class = p > :< / span > < span class = w > < / span > < span class = "l l-Scalar l-Scalar-Plain" > 1000:1000< / span >
2025-02-12 09:10:40 +00:00
< / span > < / code > < / pre > < / div > < h2 id = support-policy > Support Policy< a class = headerlink href = #support-policy title = "Permanent link" > ¶ < / a > < / h2 > < p > Operation of our images with a non-root user is supported on a Reasonable Endeavours basis and < em > only< / em > for images which we have specifically tested. These images will have their ability to be run with a non-root user noted in the readme, along with any additional caveats. Please see our < a href = https://linuxserver.io/supportpolicy > Support Policy< / a > for more details.< / p > < aside class = md-source-file > < span class = md-source-file__fact > < span class = md-icon title = "Last update" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z" / > < / svg > < / span > < span class = "git-revision-date-localized-plugin git-revision-date-localized-plugin-date" > December 17, 2024< / span > < / span > < span class = md-source-file__fact > < span class = md-icon title = Created > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M14.47 15.08 11 13V7h1.5v5.25l3.08 1.83c-.41.28-.79.62-1.11 1m-1.39 4.84c-.36.05-.71.08-1.08.08-4.42 0-8-3.58-8-8s3.58-8 8-8 8 3.58 8 8c0 .37-.03.72-.08 1.08.69.1 1.33.32 1.92.64.1-.56.16-1.13.16-1.72 0-5.5-4.5-10-10-10S2 6.5 2 12s4.47 10 10 10c.59 0 1.16-.06 1.72-.16-.32-.59-.54-1.23-.64-1.92M18 15v3h-3v2h3v3h2v-3h3v-2h-3v-3z" / > < / svg > < / span > < span class = "git-revision-date-localized-plugin git-revision-date-localized-plugin-date" > December 5, 2024< / span > < / span > < / aside > < / article > < / div > < script > var target = document . getElementById ( location . hash . slice ( 1 ) ) ; target && target . name && ( target . checked = target . name . startsWith ( "__tabbed_" ) ) < / script > < / div > < button type = button class = "md-top md-icon" data-md-component = top hidden > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z" / > < / svg > Back to top < / button > < / main > < footer class = md-footer > < nav class = "md-footer__inner md-grid" aria-label = Footer > < a href = ../finances/ class = "md-footer__link md-footer__link--prev" aria-label = "Previous: Finances" > < div class = "md-footer__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z" / > < / svg > < / div > < div class = md-footer__title > < span class = md-footer__direction > Previous < / span > < div class = md-ellipsis > Finances < / div > < / div > < / a > < a href = ../read-only/ class = "md-footer__link md-footer__link--next" aria-label = "Next: Running Containers Read-Only" > < div class = md-footer__title > < span class = md-footer__direction > Next < / span > < div class = md-ellipsis > Running Containers Read-Only < / div > < / div > < div class = "md-footer__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z" / > < / svg > < / div > < / a > < / nav > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-copyright > < div class = md-copyright__highlight > Copyright © 2025 LinuxServer.io < / div > Made with < a href = https://squidfunk.github.io/mkdocs-material/ target = _blank rel = noopener > Material for MkDocs < / a > < / div > < div class = md-social > < a href = https://linuxserver.io target = _blank rel = noopener title = linuxserver.io class = md-social__link > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 640 512" > <!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc. --> < path d = "m181.5 197 . 1 12 . 9 6 . 4c5 . 9 3 12 . 4 4 . 5 19 . 1 4 . 5 23 . 5 0 42 . 6-19 . 1 42 . 6-42 . 6V144c0-35 . 3-28 . 7-64-64-64h-64c-35 . 3 0-64 28 . 7-64 64v21 . 4c0 23 . 5 19 . 1 42 . 6 42 . 6 42 . 6 6 . 6 0 13 . 1-1 . 5 19 . 1-4 . 5l12 . 9-6 . 4 8 . 4-4 . 2-12-7 . 9c-4 . 5-3-7 . 1-8-7 . 1-13 . 3V168c0-13 . 3 10 . 7-24 2
