I have created a Docker volume and wish to mount it so that it is accessible by a non-root user in the container. I understand that by default Docker volumes are mounted with root user ownership thus preventing its read-write access by the non-privileged user within the container.
I’ve used the --mount because it allows for specification of more options, specifically the uid and gid for the mount. Unfortunately I cannot get it to work. These are the steps I have tried so far:
Create the volume: docker volume create --name ubuntu-test
I am using an ubuntu image which I know has the non-privileged user id 1000 so I want to run the process within the image as that user as well as mount the docker volume with uid/gid of 1000:
docker run --rm -it -u 1000:1000 --mount source=ubuntu-test,target=/home/ubuntu/m2,volume-driver=local,volume-opt=o=uid=1000 ubuntu bash
Once in the container, listing the contents of the ubuntu home directory shows m2 to be owned by root:root and not ubuntu:ubuntu. This is not the desired result.
It depends on where you mount it. Build an image that already has the folder with content having the required permissions. Then Docker will copy the files from the container to the volume with the same permissions and owners.
Then what do we call a volume? Let’s start with answering another question. What do we not call a volume? A file can never be a volume. A volume is always a directory, and it is a directory which is created by Docker and handled by Docker throughout the entire lifetime of the volume. The main purpose of a volume is to populate it with the content of the directory to which you mount it in the container. That’s not the case with bind mounts. Bind mounts just completely override the content of the mount point in the container, but at least you can choose where you want to mount it from.
Use Docker Compose. That will make your life easier. It still requires the command line, but you can describe everything more easily. (examples in my blog posts)
I’ve managed to find a workaround for my issue and that is to create the volume and attach it to a temporary container into which I get a bash shell. I can then ‘chown’ the volume to the uid:gid that I need. Not ideal but it works for now.
This whole issue relates to running a docker container from a Jenkins pipeline so in its basic form it runs from the command line. It might be possible to specify a Docker compose file but I haven’t got that far yet. I’ve just been wrestling with how to start a container from within another one, which I have now solved.
My first post was based on that idea, except that you don’t need to do it interactively. So you are on the right path already. Good luck with the following steps!
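The two approaches discussed in this thread, scripted non-interactively so they can run from a pipeline step. This is an added example, not code from any of the posters; the function names, the DRY_RUN switch, the /vol mount point, the m2-owned image tag and the "-fresh" volume suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 prints the docker commands instead of running them.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Existing volume: a throwaway container (root by default) chowns the volume
# root, then exits. /vol is an arbitrary mount point chosen for this example.
chown_volume() {   # chown_volume VOLUME UID GID
    run docker run --rm --mount "source=$1,target=/vol" ubuntu chown "$2:$3" /vol
}

# New, empty volume: bake the owner into the image's mount point so Docker
# copies it to the volume on first mount.
dockerfile() {     # dockerfile UID GID TARGET
    cat <<EOF
FROM ubuntu
RUN mkdir -p $3 && chown $1:$2 $3
USER $1:$2
EOF
}

build_image() {    # build_image TAG UID GID TARGET
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'docker build -t %s -\n' "$1"
    else
        dockerfile "$2" "$3" "$4" | docker build -t "$1" -
    fi
}

# Check: numeric owner of the mount point, read as the unprivileged user.
show_owner() {     # show_owner IMAGE VOLUME UID GID TARGET
    run docker run --rm -u "$3:$4" --mount "source=$2,target=$5" \
        "$1" stat -c '%u:%g' "$5"
}

# Usage: sh volume-owner.sh ubuntu-test
if [ "$#" -ge 1 ]; then
    set -e
    chown_volume "$1" 1000 1000
    show_owner ubuntu "$1" 1000 1000 /home/ubuntu/m2
    build_image m2-owned 1000 1000 /home/ubuntu/m2
    show_owner m2-owned "$1-fresh" 1000 1000 /home/ubuntu/m2
fi
```

Only the short-lived chown container runs as root; the workload container keeps `-u 1000:1000`. The chown covers the volume root only, so a volume that already holds root-owned files would need `chown -R`.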