JGD
Reputation: 13
Problems related to permissions for non-root users and Docker volumes
I'm using Docker to set up isolated development environments. So I configured the dockerfile to create a non-root user. (Using the official Ubuntu image as a base)
I created a volume for file management, but a permission problem occurred.
reviewed several solutions for this. :
- chmod 777 -R volume (this is a stupid method but effective)
- Match with the same PID/GID as the user on the host (I think this method works fine)
I wanted to apply solution number 2, but the problem was as follows.
- user on the host is 1000:1000 (UID:GID).
- user on the guest is 1001:1001(UID:GID).
- In the guest, 1000:1000 is already in use by a user named "ubuntu".
However, it does not seem desirable to modify the external environment to use Docker. So, I decided not to create a user with 1001:1001.
The user named “ubuntu” is an account that has already been created as shown below.
$ docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
Digest: sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15
Status: Image is up to date for ubuntu:latest
docker.io/library/ubuntu:latest
What's Next?
1. Sign in to your Docker account → docker login
2. View a summary of image vulnerabilities and recommendations → docker scout quickview ubuntu
$ docker run --rm ubuntu cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash <-- ??
What I want to know:
- What does the user “ubuntu” exist for?
- Can I use “ubuntu” or replace it with another account?
- If "ubuntu" is for special purposes, I would like to create a GID to access the volume and use umask. If there is a better solution, please share it.
I am looking for a flexible and generalized method for this problem that is not affected by the external environment.
Upvotes: 0
Views: 221
Answers (0)
Related Questions
- Unable to access DOCKER Container
- What is the (best) way to manage permissions for Docker shared volumes?
- How do I Docker COPY as non root?
- executable file not found in $PATH - Java, Ubuntu, containers
- Docker File Non Root User Theory Question
- symfony docker permission problems for cache files
- when executing SSH command from jenkins nvm not found