su - oracle permission denied

Issue:

After SSHing into the container, I tried to “su” to the oracle user and got the following:

su: cannot open session: Permission denied

Solution:

This problem is due to missing rights inside the Docker container. By default, a Docker container runs with unprivileged rights…
You have multiple possibilities now.

1) Connect directly as oracle using SSH

ssh oracle@localhost -p 2222

2) Using gosu instead of su
Since the build is bundled with gosu, you can use it like this:

gosu oracle bash

gosu is required because only containers can run in privileged mode; during build there is no privileged mode, so I bundled gosu with this image…

3) Run container with privileged rights
By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices.
So the docker run command would be like:

docker run -d --name <your-docker-container-name> -p <local-ssh-port>:22 -p <local-http-port>:8080 -p <local-db-listener-port>:1521 -v /dev/shm --tmpfs /dev/shm:rw,nosuid,nodev,exec,size=2g --privileged <your-docker-image-name>

4) Run container with more Linux capabilities
This is like --privileged but more selective: you give higher rights only to chosen capabilities instead of running the whole container in privileged mode. If you choose solution 3 or 4 I would go for this solution because it's more secure to only allow certain capabilities instead of all.
So the docker run command would be like:

docker run -d --name <your-docker-container-name> -p <local-ssh-port>:22 -p <local-http-port>:8080 -p <local-db-listener-port>:1521 -v /dev/shm --tmpfs /dev/shm:rw,nosuid,nodev,exec,size=2g --cap-add SYS_RESOURCE <your-docker-image-name>
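
To compare what options 3 and 4 actually grant, the following added example (not part of the original post) decodes an effective capability mask, the CapEff value in /proc/<pid>/status, and lists the capability bits it holds beyond Docker's default set. The three masks are constructed samples; the default mask a80425fb and the 38-capability kernel used for the privileged case are assumptions about the runtime and host.

```shell
#!/bin/sh
# Added example: compare a capability mask (CapEff in /proc/<pid>/status)
# with Docker's default set to see what --cap-add and --privileged grant.

DOCKER_DEFAULT_MASK=a80425fb   # Docker's 14 default capabilities (assumed runtime default)
CAP_SYS_RESOURCE_BIT=24        # CAP_SYS_RESOURCE in linux/capability.h

# has_cap HEXMASK BIT: succeeds when that capability bit is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# extra_caps HEXMASK: print the bit numbers set beyond Docker's default set.
extra_caps() {
    extra=$(( 0x$1 & ~0x$DOCKER_DEFAULT_MASK ))
    bit=0
    out=""
    while [ "$bit" -lt 63 ]; do
        if [ $(( ($extra >> $bit) & 1 )) -eq 1 ]; then
            out="$out${out:+ }$bit"
        fi
        bit=$((bit + 1))
    done
    echo "$out"
}

# Constructed sample masks, one per way of starting the container.
# Inside a real container, read the live value with:
#   awk '/^CapEff:/ {print $2}' /proc/self/status
MASK_DEFAULT=00000000a80425fb      # plain docker run
MASK_CAP_ADD=00000000a90425fb      # --cap-add SYS_RESOURCE
MASK_PRIVILEGED=0000003fffffffff   # --privileged, kernel with 38 capabilities

# report: one summary line per sample mask.
report() {
    for m in "$MASK_DEFAULT" "$MASK_CAP_ADD" "$MASK_PRIVILEGED"; do
        if has_cap "$m" "$CAP_SYS_RESOURCE_BIT"; then r=yes; else r=no; fi
        set -- $(extra_caps "$m")
        echo "$m SYS_RESOURCE=$r extra_caps=$#"
    done
}
report
```

With these samples, --cap-add SYS_RESOURCE adds exactly one capability to the default set, while --privileged adds 24.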