Reputation: 815
In docker, writing file to mounted file-system as non-root?
I have a docker container with a -v /home/dan:/home/dan:rw. When the container writes files to /home/dan, the files are owned by root in the host filesystem. Is there a way to make it so that files written from the container to the mounted volume are owned by some arbitrary user on the host filesystem?
Upvotes: 39
Views: 17376
Answers (5)
Reputation: 629
If you still need to run the whole container as root, but want to make the written files owned by the host user:
# this overrides the default CMD entrypoint as side effect
docker run -v $(pwd):/hostDir your_image /bin/sh -c "cp pom.xml /hostDir/ && chown `id -u $USER`:`id -g $USER` /hostDir/pom.xml"
Upvotes: -1
Reputation: 426
A follow up to mandark answer - I would say it's also good to include the user group otherwise you will end up with stuff belonging to user: USER and group: root. To achive user:user just pass in group id as well, for example:
docker run -v /home/dan:/home/dan -u `id -u $USER`:`id -g $USER` IMAGE
# if it's for the current user, then you can omit the $USER env var
docker run -v /home/dan:/home/dan -u `id -u`:`id -g` IMAGE
Upvotes: 18
Reputation: 27226
EDIT: this has changed since my original answer which said it couldn't be done. As per answer of Mandark:
This can be done by using the -u switch for the docker run command.
For example:
docker run -v /home/dan:/home/dan -u `id -u $USER` IMAGE
Upvotes: 17
Reputation: 782
As François Zaninotto has pointed out, the user id can be used.
This can be done by using the -u switch for the docker run command.
For example:
docker run -v /home/dan:/home/dan -u `id -u $USER` IMAGE
Upvotes: 24
Reputation: 7335
It's possible. It's hard to automate, but it's possible. Here is the process:
- in the host, determine the current user id and group id
in the docker container, run a shell script to:
- add a new group with the group id from the host
- add a new user with the same user id from the host (and belonging to the group just created)
- sudo as this new user
Now, each file generated inside the container will be using the right user id and group id, and the host will attach them to your user.
I've written a tool to automate that using make, it's called make-docker-command. Hope this helps.
Upvotes: 4
Related Questions
- Let non-root user write to linux host in Docker
- docker can not write on mounted volume with non-root user
- How to create files and folders with non-root account through dockerfile
- Docker: non-root user does not have writing permissions when using volumes
- How can I write to a directory owned by ROOT when not running as ROOT for a Tomcat Docker Image that I don't want to edit?
- Docker user cannot write to mounted folder
- Is there any way to create a write-able volume in non-root docker container?
- Non-root user in Docker
- How to read and write to mounted volume without running as root?
- How do I write to a volume container as non-root in docker?