In our internal testing environment we provision CentOS VMs from a vSphere-based server. The images are vanilla 7.1 with packages and associated configuration to support authentication via LDAP. I have Docker 1.13.1 installed with OverlayFS driver on an xfs filesystem.
FROM centos:7
RUN useradd dockeruser
USER dockeruser
VOLUME /data
On the host:
mkdir data
echo "hello from host" > data/host-msg.txt
docker run -ti --rm -v $(pwd)/data:/data testimage bash
Inside the container:
echo "hello from container" > /data/container-msg.txt
bash: /data/container-msg.txt: Permission denied
Listing the directory contents inside the container:
drwxr-xr-x 2 12345 13000 25 Feb 12 21:36 data
drwxr-xr-x 5 root root 360 Feb 12 21:36 dev
drwxr-xr-x 1 root root 62 Feb 12 21:36 etc
The data directory shows the ownership in uid/gid format rather than username/groupname.
I have read many articles and questions describing this behavior and various strategies to work around it.
But. On my local Fedora 25 development system I get none of this behavior. I perform the procedure above, am able to write to the host-mounted /data mount, and the directory listing displays username/groupname.
/
drwxrwxr-x 2 dockeruser dockeruser 4096 Feb 12 04:36 data
drwxr-xr-x 5 root root 360 Feb 12 22:00 dev
drwxr-xr-x 1 root root 4096 Feb 12 22:00 etc
/data
-rw-rw-r-- 1 dockeruser dockeruser 21 Feb 12 22:04 container-msg.txt
To make everything as similar as possible to the lab configuration I stood up a CentOS 7.1 VM on my dev system via libvirt and again got the same results -- no messing with uid/gid mapping, user namespaces, nothing. Writing to the host mounted volume from inside the container Just Worked, out of the box.
What could possibly account for this behavior? Is the LDAP on the lab VM somehow introducing permission issues at the filesystem level? Is there something specific I could ask our ops team to either inspect or temporarily disable to try and troubleshoot this issue?
Finally, and perhaps most important: if permission issues on host-mounted volumes don't seem to be issues at all for me, either on a clean CentOS or on Fedora Workstation, then why does it still continue to be a thing in the Docker community? Is there some configuration in these setups that is so fundamentally different from what everyone else is using (my team's lab VMs included) that things just work?