Change UID/GID on container start

I’m trying to create a simple start-mariadb command based on mariadb:10 from the hub. The commands I execute look like this:

#! /bin/bash

# Create the host directory for the database files if it does not exist yet
if [ ! -d ~/.mariadb ]; then
  mkdir ~/.mariadb
fi

docker run --name mariadb -p 3306:3306 -v ~/.mariadb:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="$MARIADB_PW" -e MYSQL_USER="$mysql_user" -e MYSQL_PASSWORD="$mysql_password" mariadb:10
docker rm mariadb

Data in ~/.mariadb is written with the UID/GID of the mysql user within the running container, thus as a normal user I cannot remove the created files. My idea was to change the UID and GID of the mysql user to those of the currently logged-in user (provided using -e UID=$UID, for example). Therefore I created a new Dockerfile with a new entrypoint.

The lines are:

#! /bin/bash
usermod -u $UID mysql
groupmod -g $GID mysql


This does not seem to work unfortunately. How could I provide the user the ability to remove ~/.mariadb without giving him sudo rights?

UPDATE: I thought it should be possible using the new user namespaces. I added --userns-remap to /etc/init.d/docker and added --uidmap="999:1000:1" to docker run, but this did not work.

Kind regards,


I think what you are trying to do can be explained here. In a nutshell:

1. Set group ownership of the directory to be used as volume to some GID (in this example 1024) not used on any actual groups on the host:
   chown :1024 /data/myvolume

2. Change permissions on the directory to give full access to members of the group (read+write+execute):
   chmod 775 /data/myvolume

3. Ensure all future content in the folder will inherit group ownership:
   chmod g+s /data/myvolume

4. Create a user in the Dockerfile which is member of the 1024 group:
   RUN addgroup --gid 1024 mygroup
   RUN adduser --disabled-password --gecos "" --force-badname --ingroup 1024 myuser
   USER myuser

5. (Optional) Add your host user to the group allowing you to conveniently work with the directory from your host machine:
   adduser ubuntu 1024
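
The host-side steps from the list above, written as a small script with a check that the directory really ended up in the intended state. This is an added example, not part of the original posts; the function names `prepare_volume`, `check_volume` and `new_file_gid` are hypothetical, and it assumes GNU coreutils `stat` on a Linux host.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes GNU coreutils stat (-c) on a Linux host.

# prepare_volume DIR GID: the three host-side steps from the list above.
# chown to a GID the caller is not a member of requires root.
prepare_volume() {
  mkdir -p -- "$1" || return 1
  chown ":$2" -- "$1" || return 1
  chmod 2775 -- "$1"        # 775 (rwxrwxr-x) plus the setgid bit (g+s)
}

# check_volume DIR GID: return 0 only if DIR is group-owned by GID, grants
# rwx to the group, has setgid set and is not world-writable.
# Prints one line per finding.
check_volume() {
  cv_out=$(stat -c '%g %a' -- "$1") || return 2
  cv_gid=${cv_out% *}
  cv_mode=$((0${cv_out#* }))   # parse the octal mode string
  cv_rc=0
  if [ "$cv_gid" != "$2" ]; then
    echo "group owner is GID $cv_gid, expected $2"; cv_rc=1
  fi
  if [ $((cv_mode & 0070)) -ne $((0070)) ]; then
    echo "group lacks full rwx access"; cv_rc=1
  fi
  if [ $((cv_mode & 02000)) -eq 0 ]; then
    echo "setgid bit missing: new files will not inherit the group"; cv_rc=1
  fi
  if [ $((cv_mode & 0002)) -ne 0 ]; then
    echo "directory is world-writable"; cv_rc=1
  fi
  return "$cv_rc"
}

# new_file_gid DIR: create a probe file and print the GID it received,
# which shows whether group inheritance actually works.
new_file_gid() {
  nf_probe=$(mktemp "$1/.probe.XXXXXX") || return 1
  stat -c '%g' -- "$nf_probe"
  rm -f -- "$nf_probe"
}
```

Note that GNU `chmod` keeps a directory's setgid bit when given a plain three-digit mode such as `755`, so removing it again takes an explicit `chmod g-s`.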