Reputation: 911
Ensure both user name and user id are the same in host and Docker container
I'm trying to run a Docker container with a custom made image, with a given user. I have an entrypoint.sh, that can change the running user according to an environment variable provided at the Docker command line, with -e USER=myuser.
I have the very same user in the host machine. This can be done in different host machines, and I can ensure this user exists in any host we use. But I'm having troubles because I cannot ensure that the numerical id for this user is always the same (say 1001). At the Docker container execution command line I mount some local folders with -v <src>:<tgt>, and the application in the container creates additional folders and files in <tgt>.
The problem is that although the user in the host and the container have the same name (say myuser), the numerical id for it can change (say e.g. 5000 in the host and 1001 in the container), so I get problems when reading files and folders under the mounted path.
What is the best solution to ensure that, at execution time, not only the user name but also the user id is the same in the host and in the running container?
EDIT
I see I did not explain myself AT ALL, and mixed things. I will try to explain my problem again:
I did create a Linux-based image, and in this image I: a) installed a set of packages as
root; b) created a certain usermyuser, and switched to that user withUSER <usr>in the Dockerfile; and c) copied my own software and installed in the image, as the usermyuser, and this software must be executed by that user.I created the very same user
myuserin another machinelaunched a container from this image, in another machine, and shared some folders (owned by the user
myuser) from the host file system with that container.
The problem appeared because the numerical id for the user myuser was 1001 in the Docker image, and 5000 in the other host, when the container was executed.
One solution would be to force the numerical id being the same any time the user gets created in any host machine. The problem is that I cannot be sure this will be always possible in the host that runs the images.
Upvotes: 5
Views: 7759
Answers (2)
Reputation: 397
If you are using linux based image (say ubuntu for example), in your Dockerfile, you will need something like
sudo addgroup --gid 3000 mygroupname &&
sudo adduser --uid 4000 --gid 3000 --disabled-password --gecos "" myusername
- I'm using 3000 and 4000 just as examples. They can both be same number if you want them to be.
- Whether to disable password or not depends on what you want to do with the user.
- gecos is for setting full name, room number, work phone etc for the user. We are setting them all to be blank. You can definitely set them to something more useful if you want to.
You will have to switch to that user and maybe use that user's home directory as your work directory. Lines in Dockerfile would be:
USER myusername
WORKDIR /home/myusername
Upvotes: 2
Reputation: 388
You should specify the user in the Dockerfile with command USER. The options -e USER=myuser will create a environment variable, but it doesn't change the user by default.
Reference: https://docs.docker.com/engine/reference/builder/#user
Upvotes: 2
Related Questions
- Userid and Group id in docker run command
- Set docker image username at container creation time?
- echo $UID gives host ID and not container root user ID (docker/linux)
- Executing command as specific user in docker container
- Using useradd in a Dockerfile
- Problem with the User and Group inside a container
- How share users between containers?
- Using an explicit UID/GID in Dockerfile
- Docker replicate UID/GID in container from host
- Creating User In Docker Container