Commit 8701d62

barckcode and claude committed
docs: update custom agent images section for entrypoint privilege drop
Remove USER directive instructions — containers always start as root and the entrypoint handles privilege dropping via gosu. Recommend gosu agentcrew for user-level tool installs during build.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 343f15a commit 8701d62

2 files changed

+39
-61
lines changed

web/src/pages/docs/configuration.astro

Lines changed: 19 additions & 30 deletions
@@ -237,45 +237,34 @@ WEBHOOK_MAX_CONCURRENT=20</code></pre>
237237

238238
<pre><code class="language-dockerfile">FROM ghcr.io/helmcode/agent_crew_agent:latest
239239

240-
# Switch to root to install system packages
241-
USER root
242-
243-
# Install system-level dependencies
244-
RUN mkdir -p /var/lib/apt/lists/partial \
245-
&& apt-get update && apt-get install -y --no-install-recommends \
246-
your-system-packages-here \
240+
# Add your custom dependencies here
241+
# Example: Install Python packages
242+
RUN pip install pandas numpy
243+
244+
# Example: Install system tools
245+
RUN apt-get update && apt-get install -y --no-install-recommends \
246+
postgresql-client \
247+
redis-tools \
247248
&& rm -rf /var/lib/apt/lists/*
248249

249-
# Install user-level tools as agentcrew user (NOT as root)
250-
# RUN su agentcrew -c "npx playwright install chromium"
251-
252-
# IMPORTANT: Switch back to agentcrew user
253-
USER agentcrew</code></pre>
250+
# Example: Install user-level tools (use gosu to run as agentcrew)
251+
# RUN gosu agentcrew npx playwright install chromium</code></pre>
254252

255253
<h3>Base Dockerfile for OpenCode Agent</h3>
256254

257255
<pre><code class="language-dockerfile">FROM ghcr.io/helmcode/agent_crew_opencode_agent:latest
258256

259-
USER root
260-
261-
# Install system-level dependencies
262-
RUN mkdir -p /var/lib/apt/lists/partial \
263-
&& apt-get update && apt-get install -y --no-install-recommends \
264-
your-system-packages-here \
265-
&& rm -rf /var/lib/apt/lists/*
266-
267-
# Install user-level tools as agentcrew user (NOT as root)
268-
# RUN su agentcrew -c "command-here"
269-
270-
# IMPORTANT: Switch back to agentcrew user
271-
USER agentcrew</code></pre>
257+
# Add your custom dependencies here
258+
RUN apt-get update && apt-get install -y --no-install-recommends \
259+
your-tools-here \
260+
&& rm -rf /var/lib/apt/lists/*</code></pre>
272261

273262
<blockquote>
274-
<strong>Important:</strong> Always end your Dockerfile with
275-
<code>USER agentcrew</code>. The base image runs as the <code>agentcrew</code>
276-
user, and leaving <code>USER root</code> will cause Claude Code to reject the
277-
<code>--dangerously-skip-permissions</code> flag. Use <code>USER root</code>
278-
only for system package installations, then switch back.
263+
<strong>Note:</strong> You do not need to manage <code>USER</code> directives
264+
in your Dockerfile. AgentCrew containers always start as root and the
265+
entrypoint script automatically drops privileges to match the workspace
266+
owner. Use <code>gosu agentcrew</code> when you need to install user-level
267+
tools (e.g., browser binaries) during the build.
279268
</blockquote>
280269

281270
<h3>How to Build and Use</h3>
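
Review bot: The new Note (new lines 263-267) drops the old warning without saying what the privilege drop depends on. It only happens when the derived image keeps the base image's entrypoint, so a custom Dockerfile that sets its own `ENTRYPOINT` would leave the agent running as root, which is the state the removed text said makes Claude Code reject `--dangerously-skip-permissions`. Suggest adding a sentence telling readers not to override the entrypoint, or to call the base entrypoint from their own. Separately, the examples now run `RUN apt-get update ...` and `RUN pip install pandas numpy` with no `USER root`, while the removed text stated that the base image runs as `agentcrew`; please confirm the base images no longer set `USER agentcrew`, otherwise these documented builds fail at the apt step. The OpenCode block (new lines 257-260) also lost its user-level install line, so a commented `gosu agentcrew` example there would keep the two blocks consistent.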

web/src/pages/es/docs/configuration.astro

Lines changed: 20 additions & 31 deletions
@@ -237,46 +237,35 @@ WEBHOOK_MAX_CONCURRENT=20</code></pre>
237237

238238
<pre><code class="language-dockerfile">FROM ghcr.io/helmcode/agent_crew_agent:latest
239239

240-
# Switch to root to install system packages
241-
USER root
242-
243-
# Install system-level dependencies
244-
RUN mkdir -p /var/lib/apt/lists/partial \
245-
&& apt-get update && apt-get install -y --no-install-recommends \
246-
your-system-packages-here \
240+
# Add your custom dependencies here
241+
# Example: Install Python packages
242+
RUN pip install pandas numpy
243+
244+
# Example: Install system tools
245+
RUN apt-get update && apt-get install -y --no-install-recommends \
246+
postgresql-client \
247+
redis-tools \
247248
&& rm -rf /var/lib/apt/lists/*
248249

249-
# Install user-level tools as agentcrew user (NOT as root)
250-
# RUN su agentcrew -c "npx playwright install chromium"
251-
252-
# IMPORTANT: Switch back to agentcrew user
253-
USER agentcrew</code></pre>
250+
# Example: Install user-level tools (use gosu to run as agentcrew)
251+
# RUN gosu agentcrew npx playwright install chromium</code></pre>
254252

255253
<h3>Dockerfile Base para Agente OpenCode</h3>
256254

257255
<pre><code class="language-dockerfile">FROM ghcr.io/helmcode/agent_crew_opencode_agent:latest
258256

259-
USER root
260-
261-
# Install system-level dependencies
262-
RUN mkdir -p /var/lib/apt/lists/partial \
263-
&& apt-get update && apt-get install -y --no-install-recommends \
264-
your-system-packages-here \
265-
&& rm -rf /var/lib/apt/lists/*
266-
267-
# Install user-level tools as agentcrew user (NOT as root)
268-
# RUN su agentcrew -c "command-here"
269-
270-
# IMPORTANT: Switch back to agentcrew user
271-
USER agentcrew</code></pre>
257+
# Add your custom dependencies here
258+
RUN apt-get update && apt-get install -y --no-install-recommends \
259+
your-tools-here \
260+
&& rm -rf /var/lib/apt/lists/*</code></pre>
272261

273262
<blockquote>
274-
<strong>Importante:</strong> Siempre termina tu Dockerfile con
275-
<code>USER agentcrew</code>. La imagen base se ejecuta como el usuario
276-
<code>agentcrew</code>, y dejar <code>USER root</code> hará que Claude Code
277-
rechace el flag <code>--dangerously-skip-permissions</code>. Usa
278-
<code>USER root</code> solo para instalaciones de paquetes del sistema,
279-
luego cambia de vuelta.
263+
<strong>Nota:</strong> No necesitas gestionar directivas <code>USER</code>
264+
en tu Dockerfile. Los contenedores de AgentCrew siempre arrancan como root
265+
y el script de entrypoint reduce los privilegios automaticamente para
266+
coincidir con el propietario del workspace. Usa <code>gosu agentcrew</code>
267+
cuando necesites instalar herramientas a nivel de usuario (por ejemplo,
268+
binarios de navegador) durante el build.
280269
</blockquote>
281270

282271
<h3>Cómo Construir y Usar</h3>
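
Review bot: In the added Nota (new line 265), `automaticamente` is missing its accent and should read `automáticamente`; the surrounding page uses accented forms (`hará`, `Cómo`). The Dockerfile comments added at new lines 240-251 and 257 are in English on the Spanish page (`# Add your custom dependencies here`, `# Example: Install system tools`); the removed comments were English as well, but since these lines are being rewritten anyway this is a good point to translate them.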
