Cannot find User Sonarsource in sonar-scanner-cli

Hi all,In the Dockerfile for sonar-scanner-cli

FROM gcr.io/sonarqube-team/base:latest
USER root
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
RUN apt-get install -y nodejs
USER sonarsource

The USER sonarsource is defined in the Dockerfile, however when I run this the id is root.

/usr/src # id
uid=0(root) gid=0(root) groups=0(root)

Additionaly when I check /etc/passwd/ there appears to be no user called sonarsource that exists.

root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
scanner-cli:x:1000:1000:Linux User,,,:/home/scanner-cli:/sbin/nologin

Can you please clarify why this as I’m rather confused, am I missing something?

“Because the container user is always a member of the root group, the container user can read and write these files. The root group does not have any special permissions (unlike the root user) so there are no security concerns with this arrangement. In addition, the processes running in the container must not listen on privileged ports (ports below 1024), since they are not running as a privileged user.”

Hi @PandoraH

welcome to the community :wave:

Is this a mirror of our docker image? if yes, than the user that you are looking for is called scanner-cli and your build will never succeed as this image is based on alpine and therefor does not have apt-get.
If you wish to modify our base image to run as a none root user you can use something like this:

FROM sonarsource/sonar-scanner-cli:4.5

USER scanner-cli

the only thing that you will need to take care about when using this, would be the user permissions for the actual scan. the source folder needs to be owned by the user 1000

hope that helps