I’m trying to create a container that uses ENV vars (set in the dockerfile at build, or in the docker-compose.yml), to create a user and group, and run a service as that new user.
The use case is that I want a container to run unison, expose a volume form it, and mount it on an nginx container via volumes-from.
The problem is that currently (using leighmcculloch/unison) the service runs as “root”. When the volume is mounted in the nginx container, it is mounted as “root” and nginx cannot write to the files (rendering it useless for PHP apps, for example).
My idea is to be able to create a user from ENV vars when the container is started, and run the service “unison” as that user. In that way, I can define the user “www-data” in the docker-compose.yml file and when the volume is mounted in the nginx contianer, nginx is able to write to it.
I’ve tested this using a base debian:jessie image, installing unison manually, creating the user, group, chmoding everything as required, and running the unison script by hand. Everything works fine.
What I now want is to automate this, so I can easily create containers to work on several projects.
Is this at all feasible? Is there a better way to accomplish this?