We have been creating a system of containers, including clients, Cassandra nodes, and using Fluentd for centralised logging. We use Vagrant for development, and have now transitioned to using Ansible for provisioning.
If there is one aspect of Docker which has caused us the most problems and for which we have been least able to find useful and detailed information (which may just be our own fault), it is the interplay between containers, their users, bind-mounted volumes and their permissions.
I hope the community can share its knowledge broadly around this subject, point to the best resources and explain the finer points.
Specific questions to get started:
- Is there a default user that the Docker daemon starts containers running as?
- We noticed that some Dockerfiles explicitly create and set permissions for a given user ID (see Cassandra); are there any best practices or conventions set for this?
- Is there a consistent and general methodology for setting files permissions for mounted volumes and container users?
Specific issues we had:
- Containers chmod’ing volumes as specific self-made users, thus blocking host users running as non-root from file access.
- Containers failing due to lacking permissions to write to shared volumes.
- Trying to set the user for containers and receiving “Docker API Error: linux spec user: unable to find user some_user: no matching entries in passwd file”
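As an added illustration (not code from the original post) of how the three issues above relate, the helper below matches the container user to the owner of the host directory being bind-mounted, and distinguishes a numeric `uid:gid` spec, which `docker run --user` accepts even when the image has no matching entry in `/etc/passwd`, from a user name, which must exist inside the image or produces exactly the "no matching entries in passwd file" error quoted above. It assumes a Linux host with GNU `stat`; `some-image` and `/data` are placeholder names.

```shell
#!/bin/sh
# Hypothetical helper (added example, not from the original post).
# Goal: files written by the container on a bind mount end up owned by the
# host user, and the container is not started as a user the image lacks.

# Print "uid:gid" of the owner of a host directory (GNU stat, Linux assumed).
owner_of() {
  stat -c '%u:%g' "$1"
}

# Build a --user argument for docker run that matches the host directory owner.
# A numeric uid:gid needs no passwd entry inside the image, so it sidesteps
# "linux spec user: unable to find user X: no matching entries in passwd file".
user_flag_for() {
  printf -- '--user=%s' "$(owner_of "$1")"
}

# Return 0 when a --user spec is purely numeric (uid or uid:gid), 1 when it is
# a name that would have to exist in the image's /etc/passwd.
spec_is_numeric() {
  case "$1" in
    ''|*[!0-9:]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the docker run command line that would be used for a given host directory.
run_command_for() {
  printf 'docker run %s -v %s:/data some-image\n' "$(user_flag_for "$1")" "$1"
}

# Demo on a temporary directory owned by the current host user.
demo() {
  dir=$(mktemp -d)
  echo "host dir owner: $(owner_of "$dir")"
  run_command_for "$dir"
  rmdir "$dir"
}
```

Because the container then writes as the same numeric uid/gid as the host user, a later `chmod`/`chown` inside the container no longer locks the host user out, and the container has write access to the shared volume without running as root.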