Question 1

How to install gosu in a Dockerfile?

Accepted Answer

Download the binary for your architecture, verify it with GPG using the key B42F6819007F00F88E364FD4036A9C25BF357DD4, and set execute permissions. The README points to INSTALL.md for detailed Dockerfile instructions.

Question 2

gosu vs su-exec: which is better for Alpine Linux?

Accepted Answer

su-exec is a C-based rewrite specifically for Alpine, offering a smaller binary size and direct package availability. gosu is more versatile across distributions but larger; choose su-exec for minimal Alpine images or gosu for broader compatibility.

Question 3

Why does gosu avoid TTY issues that su has?

Accepted Answer

gosu uses exec to directly replace itself with the target process, so no parent process lingers to interfere with TTY or signals. In contrast, su forks and retains control, causing the issues highlighted in the README's docker run examples.

Question 4

Is gosu safe to use outside of Docker containers?

Accepted Answer

The README cautions against it due to potential vulnerabilities like CVE-2016-2779. It's primarily designed for Docker entrypoints where the use case naturally mitigates these risks, so general use is not recommended.

Question 5

How do I specify a user and group with gosu?

Accepted Answer

Use the format 'user:group' or numeric IDs, exactly like Docker's --user flag. For example, 'gosu nobody:root id' runs id as user nobody and group root, as shown in the usage examples.

Question 6

What are the main alternatives to gosu for containers?

Accepted Answer

Options include setpriv from util-linux for newer systems, chroot with --userspec, and su-exec for Alpine. The README lists these with command examples, so pick based on your base image and requirements.

GoSu

What is GoSu?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions