Article
· Mar 5, 2023 2m read

Do I need root privilege to change timezone in iris container?

I asked the question in email and get answers from those colleagus.

Question:

I failed to change time zone on latest iris container(Ubuntu), because:

  • I am irisowner, no root password

  • There is no sudo command

I used to use below Dockfile setting to change time zone while creating a new docker image. However, those commands doesn’t work from non-root user.

FROM $IRIS_IMAGE:$IRIS_VERSION
USER root
RUN export DEBIAN_FRONTEND=noninteractive; \
    export DEBCONF_NONINTERACTIVE_SEEN=true; \
    echo 'tzdata tzdata/Areas select Asia' | debconf-set-selections; \
    echo 'tzdata tzdata/Zones/Asia select Shanghai' | debconf-set-selections; \
    apt-get update -qqy && apt-get install -qqy --no-install-recommends tzdata

I also know for Redhat, I could do it by copy setting file from /etc/timezone and /etc/localtime from host to container, but this doesn’t fit Ubuntu.

Answers:

use --env TZ=xxx in docker run command, by Ayumu Tanaka

$ docker run -it --name test -detach -p 1972:1972 -p 52773:52773 --env TZ=JST-9 containers.intersystems.com/intersystems/iris:2022.1.2.574.0 --check-caps false

you need to check how to set TZ in this format, such as TZ=EST+5, TZ=CST-8. And be aware that such TZ as set TZ=Asia/Shanghai doesn't work.


To get root at runtime by Eduard Lebedyuk

like this: docker exec -u root -it iris bash


uses ntpd to keep the clock up to date by Steven Lubars

The ICM container uses ntpd to keep the clock up to date. In addition to running as root, this also requires: --cap-add SYS_TIME
Simplely add SYS_TIME capability doesn't synchronize time, I havn't figure out where htpd is and how container sychn to host, I am not farmiliar with ICM


Besides, Nicholai Mitchko taught me trick to get passwordless sudo
Here’s a little trick to get passwordless sudo if you need it (I used this for demos when installing new things in a running container)

# Setup rootable calls from the Iris instance to install things

USER root
RUN apt-get clean -yq && apt-get update -yq && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata curl gnupg ca-certificates sudo
RUN /bin/echo -e ${ISC_PACKAGE_MGRUSER}\\tALL=\(ALL\)\\tNOPASSWD: ALL >> /etc/sudoers
RUN sudo -u ${ISC_PACKAGE_MGRUSER} sudo echo enabled passwordless sudo-ing for ${ISC_PACKAGE_MGRUSER}
USER ${ISC_PACKAGE_MGRUSER}
Discussion (1)1
Log in or sign up to continue