Docker Community Forums

Share and learn in the Docker community.

Managing UID across different hosts when using volumes


(Kenneho) #1

Hi.

I’m setting up a CI workflow based on this tutorial: https://circleci.com/blog/continuous-drupal-p1-maintaining-with-docker-git-composer/

I’m currently facing this issue: In both my dev and testing environment, I mount the application directory like this:

volumes:
  - ./app:/app

This is done on both my Nginx and PHP images. However, as the /app originates from my Git repo, and come into existence by running “git clone”, the UID set for these files will be that of the user running on the actual host which executes the git clone command. So for every environment, i.e. linux server, the UID may vary.

My current plan is not to bundle the code, i.e.e “/app”, within the docker container, not even in production, but have the container mount the /app folder. I know this is probably an antipattern, but will be a compromise until I get to know the application better - using this pattern, if needed I can make changes to the code in production, and commit it to the git repo.

Anyways, back to the issue: How are others managing having different UID across different environments, when mounting volumes inside containers?


(Sam) #2

make the uid the same


(Kenneho) #3

Thanks for the reply.

My initial though was to make the the UID executing “git clone” and “docker-compose up” the same across all the linux servers, and make sure this UID would match the UID running inside the container. This is conceptually easy, but would make the containers even less portable.

A better setup would be somehow to map or modify the UID running inside the container, to match that of whatever UID is running the “git clone” and “docker-compose up” on the host. I’m not sure if this is at all supported when using docker-compose, so if you happen to know of any settings to get this up and running please feel free to link to relevant documentation.


(Sam) #4

add a user and uid as required to the images, and execute as that user
compose doesn’t need to know


(Kenneho) #5

If I understand you correctly, your idea is to create a user (with say UID 1500) in the Dockerfile, and have the service inside the container execute as this user. On the host system, I need to create a user with UID 1500, such that when I mount a volume (i.e. " -v ./app:/app"), both the host user and the container user are considered equal.

Is this correct?


(Sam) #6

Yes, correct, that is the way


(Kenneho) #7

Thanks. This would work. I was hoping there would be some straight forward way to allow for the host and the container to use different UID. I’ll keep looking, and use the suggested approach as a plan B.


(Sam) #8

well, you have to have that user/uid combo in all places before you can use it.

I ran into a lot of fun using a container, connecting to an amazon efs volume… trying to get the uids right.

compose has the ‘user’ keyword, but not the uid. but the user has to exist to be used…


(Kenneho) #9

I’ll go for a setup like this for now.

Maybe I’ll go for something like https://github.com/boxboat/fixuid later on.

Thanks!


(Yogeek) #10

You can use GOSU : https://github.com/tianon/gosu to dynamically map uids


(Kenneho) #11

Thanks, I hadn’t heard of this tool before. I’ll definitely look into it.