Docker: Write in shared volumes with different UID being sudo

Question

I have a docker with a bind-mounted volume. The permissions for the bind-mounted volume are for the user "jep" with UID 1005, while the user in the image has the name "user" and 1000 as UID and is in the sudoers group. So when running a container like:

docker run -it --rm -v "$(pwd):/home/user/ws:rw" image

I get permissions error when trying to do anything:

user@f029839700b8 ~/ws: mkdir tmp
mkdir: cannot create directory 'tmp': Permission denied

I tried running a new container like:

docker run -it --rm -u 1005 -v "$(pwd):/home/user/ws:rw" image

So I don't have permission issues anymore, however, the user inside the container has no name, and due to this I cannot run any sudo commands:

I have no name!@297c1088b254:/home/user/ws$sudo
sudo: you do not exist in the passwd database

How can I overcome this issue without changing the owner of the binded-volume in the host machine? I cannot either modify the image.

Answer 1

1. Create a dockerfile, using FROM <unchangeable image>, change user and build your own image.
2. If the app doesn't need sudo and you just need it for the console, you might give the sudo user explicitly: docker exec -u 1000 ..
3. For using local user in docker container you may mount the local users/group inside the container. Then they are known. Due to read-only flag it is quite ok in aspect of security..

docker run -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro -v /etc/shadow:/etc/shadow:ro
# Either (for current user)
-u $(id -u):$(id -g) --group-add sudo
#or manually
-u 1005:<gid> --group-add sudo

If all no: There is no possibility to mount with different user. People crying since ages for a feature like that. Like here or here.