Pass along user credentials in Docker

Question

Using a Docker application, I want to run an app as Daemon:

docker run -v $(pwd)/:/src -dit --name DOCKER_NAME my-app

And then execute a Python script from the mounted drive:

docker exec -w /src DOCKER_NAME python my_script.py

This Python script generates some files and figures, that I would later want to use. However, I have an issue that the files generated from within the Docker app have different rights than my outer environment.

[2D] drwxrwxr-x  5 jenkins_slave jenkins_slave    4096 Mar 21 10:47 .
[2D] drwxrwxr-x 24 jenkins_slave jenkins_slave    4096 Mar 21 10:46 ..
[2D] drwxrwxr-x  2 jenkins_slave jenkins_slave    4096 Mar 21 10:46 my_script.py
[2D] -rw-r--r--  1 root          root           268607 Mar 21 10:46 spaider_2d_0_000.png
[2D] -rw-r--r--  1 root          root           271945 Mar 21 10:46 spaider_2d_0_001.png
[2D] -rw-r--r--  1 root          root           283299 Mar 21 10:46 spaider_2d_0_010.png

In the above example, the latter 3 files are generated from within the Docker mount.

Can I in any way specify that the Docker app should be run with same credentials as the outer environment, and/or the generated files should have certain permissions?

Answer 1

Use Docker's -u/--user instruction to set user and group to run the container.

For example, if I would like to run the container not by root but by myself, I can do the following:

user=$(id -u)
group=$(cut -d: -f3 < <(getent group $(whoami)))

docker run -it -u "$user:$group" <CONTAINER_NAME> <COMMAND>

Inside the container you will find the user ID has changed to the one as in the host.

$ whoami
whoami: unknown uid 1000

Yes the username becomes unknown, but I guess you will not bother with it. You are doing this to set the correct permissions, not to get a nicely displayed name, right?

P.S., Docs here: https://docs.docker.com/engine/reference/run/#user