Create a non-root user on X11-window-manager

Shuuri · February 14, 2020, 8:03am

Hi,

I had a container that builds from x11-window-manager (https://github.com/balena-io-playground/x11-window-manager/blob/master/Dockerfile.raspberrypi3).

The container has chromium-browser rpi-chromium-mods installed. However, I can’t run the chromium-browser.
Got error message as below:

Thus, I created a user pi and added the pi user to group audio, video, input, tty However, I still obtained root user when the desktop is up. How to change it to load as pi user so I can use chromium.

srlowe · February 14, 2020, 9:23am

Hello, Please could you post your updated Dockerfile?

Shuuri · February 17, 2020, 12:39am

Hi @srlowe,

Here is my updated Dockerfile.

I added vncserver, raspbian chromium (rpi-chromium-mods) with libgles2 and lxterminal.

I am using docker-compose instead of docker run.
Then added user pi and add to groups as in the Dockerfile screenshot.

jviotti · February 17, 2020, 12:45pm

Hey there! Have you tried using the USER Dockerfile keyword? (https://docs.docker.com/engine/reference/builder/#user). That should affect all the subsequent commands and make them run as that user

Shuuri · February 17, 2020, 4:31pm

Hi @jviotti,

Yes, I did.
However, startx command on the start.sh (https://github.com/balena-io-playground/x11-window-manager/blob/master/start.sh) not allowed the Pi user to execute the command.
Ended up with the error, as shown

My docker-compose is as shown:

Updated Dockerfile:

ffissore · February 17, 2020, 5:01pm

Hi

I did some search and I’ve found this workaround mentioned in a few places: try installing package xserver-xorg-legacy as well

If that does not work, can you please share the content of file /home/pi/.local/share/xorg/Xorg.0.log: it’s mentioned in the error message

Best regards

federico

ffissore · February 17, 2020, 5:03pm

Alternatively, you can try starting chromium as root with --no-sandbox, as suggested in your first error message: unless you need chromium sandbox support, it should just work

Shuuri · February 18, 2020, 12:31am

Yes, the --no-sandbox is working but I preferred to run Chromium without the --no-sandbox flag as security issue also part of my concern.

Thanks & Best Regards,
Shuuri

Shuuri · February 18, 2020, 12:37am

Hi,

I will try on the xserver-xorg-legacy package.
I just wander if there is other way like through the lightdm window manager as I checked official Raspbian and found out that the packages is not installed but it can run as pi user.

anujdeshpande · February 18, 2020, 10:50am

Hi Shuuri
Indeed running without the no-sandbox option would be better. Let us know if xserver-xorg-legacy fixes the issue