
On Linux I want to run my program in a Docker container and have one directory bound (mounted?) read-write between host and container. Further, I want the program running in the container to run as a normal user. I have a problem with that "normal user" part. I create the user in the Dockerfile:

```dockerfile
# Add in non-root user
ENV UID_OF_DOCKERUSER 1001
RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt

USER dockerUser
COPY --chown=dockerUser:users container_startup.sh /opt/container_startup.sh
ENTRYPOINT ["/opt/container_startup.sh"]
```

When starting the container I mount a local directory this way:

```sh
docker run -it --rm -v ./test:/test:rw myimage
```

Now files can be shared between the host user account and the container's root account. If I use the dockerUser account, it can't read files in the shared directory, and if it creates anything there, it can't be read by the host user account (a different uid is given).

What to do to make the volume inside the container be owned by dockerUser?

MateuszL
  • Did you add the line `USER username1001` in the [Dockerfile](http://redhatgov.io/workshops/security_containers/exercise1.2/)? – rzlvmp Aug 23 '23 at 11:30
  • @rzlvmp yes. I added to question a few possibly relevant lines – MateuszL Aug 23 '23 at 11:35
  • This sounds not unlike [Docker-compose set user and group on mounted volume](https://stackoverflow.com/questions/40462189/docker-compose-set-user-and-group-on-mounted-volume), though that's a little more Compose-centric. Can you `docker run -u $(id -u)` to give the container the same numeric user ID as on the host? You don't specifically need to create the user or `chown` non-data files in the Dockerfile. – David Maze Aug 23 '23 at 14:49
  • @DavidMaze I tried and files created in container can't be modified from host - uid is set as wanted inside container, but outside it is seen as different, higher number. Command: `docker run --name=nginx3 -it --rm -v ./test:/test -u $(id -u):$(id -g) -p 5000:80 nginx bash` – MateuszL Aug 24 '23 at 10:59
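
The last comment reports that a UID set inside the container shows up on the host as a different, higher number. One mechanism that produces exactly this is a user-namespace ID mapping; whether it is active here is an assumption the thread does not confirm. The sketch below is an added example, not code from the thread: it translates a container UID to the host UID from text in the kernel's `/proc/<pid>/uid_map` format, and `map_uid` and the three sample maps are hypothetical, constructed values.

```shell
#!/bin/sh
# Each uid_map line is: <first-id-inside> <first-id-outside> <count>
# The real input is /proc/<pid>/uid_map of a process running in the container.

# map_uid INSIDE_UID UID_MAP_TEXT
# Prints the UID the host sees for INSIDE_UID, or "unmapped" (status 1)
# when no range in the map covers it.
map_uid() {
    inside_uid=$1
    uid_map=$2
    printf '%s\n' "$uid_map" | awk -v id="$inside_uid" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1)      # offset into the outside range
            found = 1
            exit
        }
        END { if (!found) { print "unmapped"; exit 1 } }
    '
}

# Constructed sample maps (not taken from the thread):
# no remapping: container UIDs are host UIDs
MAP_IDENTITY='0 0 4294967295'
# one subordinate range, as a remapped daemon would show
MAP_REMAP='0 100000 65536'
# container root is the invoking host user (here 1000), everything else
# comes from a subordinate range
MAP_ROOTLESS='0 1000 1
1 100000 65536'

# UID 1001 is the dockerUser UID from the Dockerfile in the question.
for name in IDENTITY REMAP ROOTLESS; do
    eval "map=\$MAP_$name"
    printf '%-9s container uid 1001 -> host uid %s\n' \
        "$name" "$(map_uid 1001 "$map")"
done
```

With an identity map the bind-mounted files keep the same numeric owner on both sides; with either of the other two maps, files written as UID 1001 inside the container are owned by a high-numbered UID on the host.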
