Mounting Bind Volumes as USER set in Dockerfile

Is it possible to mount a Bind Mount in a Docker container so that it's owned by the last USER statement, or owned by a specific user?

I’m attempting to mount my configuration directory into a container, and the user that is being run is a regular user, but the Bind Mount is owned by root and the regular user doesn’t have permissions to access it.

How would I get around that?

I am unopposed to having/being forced to use Docker Volumes instead of Bind Mounts though.

I am not sure about your expectations, but folder ownership and permissions from the host are still valid inside the container… If root is the owner and 755 is the permission mask, only root will be able to write into the mapped folder… Docker will not magically map the host’s folder uid:gid to a container uid:gid for you.

The last declared USER determines which uid:pid is used to execute your process.
Though the first(!) used USER declaration is the one that can be overridden by ‘docker run --user {uid}:{gid}’ and its counterpart in a docker-compose.yml.

Make sure the uid:gid is the owner of the host path that you bind into the container. The terrible alternative is to apply ‘chmod 777’ to the host path…

I am having the same issue as @predatorian3. I am running rootless docker under user foo. There is a USER foo statement and then a RUN mkdir -p /home/foo/bar statement in the Dockerfile for myimage. The numeric uid is 122 on both host and container. The numeric gid is 130 on both host and container.

foo@host:~$ docker run -it -w /home/foo -u foo:foo myimage
foo@f8ccc656c955:~$ ls -ld bar
drwxrwxr-x 1 foo foo 4096 Jan 25 06:31 bar/
foo@f8ccc656c955:~$ exit
foo@host:~$ docker run -d -t -w /home/foo -u foo:foo \
  -v /home/foo/bar:/home/foo/bar  myimage
a8072ef0b58a88cc759939ac49e014b5f6f8ccc656c955414c58dd1720f65ff0
foo@host:~$ docker exec -it \
  a8072ef0b58a88cc759939ac49e014b5f6f8ccc656c955414c58dd1720f65ff0 bash
foo@a8072ef0b58a:~$ ls -ld bar
drwxrwxr-x 9 root root 4096 Jan 25 06:31 bar/
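
Added example, not part of the thread: a rootless Docker daemon runs inside a user namespace in which the host user who started it is uid 0, which is why a host directory owned by that user is listed as root:root in the session above. The script applies a uid map in the /proc/<pid>/uid_map format to the thread's uid 122; the subordinate range 100000:65536 is an assumed /etc/subuid value, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/uid_map for a rootless daemon started by
# host uid 122 (the uid from the post). The range 100000..165535 is an
# assumed /etc/subuid entry, not a value taken from the thread.
# Columns: <first id inside namespace> <first id on host> <length>
SAMPLE_UID_MAP='0 122 1
1 100000 65536'

# host_to_ns MAP HOST_ID: the id HOST_ID is shown as inside the namespace.
# Unmapped ids print 65534, the kernel's default overflow id ("nobody").
host_to_ns() {
    printf '%s\n' "$1" | awk -v id="$2" '
        BEGIN { id += 0 }
        NF == 3 && id >= $2 && id < $2 + $3 { print $1 + (id - $2); found = 1; exit }
        END { if (!found) print 65534 }'
}

# ns_to_host MAP NS_ID: the host id behind NS_ID, or "unmapped".
ns_to_host() {
    printf '%s\n' "$1" | awk -v id="$2" '
        BEGIN { id += 0 }
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# explain_bind MAP HOST_OWNER CONTAINER_UID: compare who owns the host path
# with who the container process really is on the host.
explain_bind() {
    seen_as=$(host_to_ns "$1" "$2")
    runs_as=$(ns_to_host "$1" "$3")
    echo "host owner $2 is listed inside the container as uid $seen_as"
    echo "container uid $3 is host uid $runs_as"
    if [ "$runs_as" = "$2" ]; then
        echo "match: the container user is the owner of the bind mount"
    else
        echo "mismatch: the container user is not the owner of the bind mount"
    fi
}

# The thread's case: host path owned by uid 122, container run with -u 122.
explain_bind "$SAMPLE_UID_MAP" 122 122
```

On a real host, replace SAMPLE_UID_MAP with the contents of /proc/<pid>/uid_map for the rootless daemon's process; the same arithmetic applies to gid_map for the group.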