Using nsswrapper is not now recommended method.

[GrahamDumpleton]

Using nsswrapper is no longer the recommended method. The preferred suggestion now is to make /etc/passwd and /etc/group writable and add entries from the ENTRYPOINT script.

See section 'Support Arbitrary User IDs`` in:

• https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-specific-guidelines

For an actual example, which also includes updating /etc/group which sometimes is also necessary but docs don't mention, see:

• https://github.com/jupyter/docker-stacks/blob/master/base-notebook/start.sh#L92

[tchughesiv]

Thanks @GrahamDumpleton ... interestingly enough, the Dockerfile example in those official docs is a link back to this same repository: https://github.com/RHsyseng/container-rhel-examples/blob/master/starter-arbitrary-uid/Dockerfile.centos7

FWIW though, you're right we should probably just remove the nsswrapper example altogether given is doesn't really buy you anything over the supported method. I think I've just been delaying its removal in case someone needed this as a reference for something. Thanks for the input and the /etc/group pointer.