When the container is run, there is another system user on the host system with id 999, and somehow the permissions of the mapped volume on the host system are getting mixed up:
Change of permissions for the mapped volume on the host system:
output of ls -ltr:
drwx------ 19 polkitd root 4096 Feb 6 12:06 postgres
What is the problem here? Is the user id on the host system somehow getting mapped to the user id of the container? What should be done if it is not possible to modify the Dockerfile? Should we create a system user on the host system and pass its GID/UID when starting the container? As of now we don't pass any UID/GID when starting the container. This question is similar to:
User and group names tell nothing about the uid and gid they have. Try ls -ln to see the ids instead of the names.
Is there actually a problem?
The container only cares about the uid and gid. It does not care about the user or group names. If the process inside the container is executed as a user with uid=999 and gid=999, then the host paths used for a bind mount require the proper ownership and permissions to permit that uid and/or gid to access the folder.
The uid:gid inside the container does not have to exist on the host. If it exists, your host will of course show the names for the uid as declared in /etc/passwd and the gid as declared in /etc/group.
Some images support environment variables to set the UID/GID of the process inside the container; others use the Docker default mechanism, which allows setting a user with docker run -u <uid:gid> (note: this will break containers that must start as root and then start the main process as an unprivileged user), and some images won't work at all if you tinker with their uid:gid.
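The following script is an added example, not code from the question or the answer above. It applies the numeric rule the answer describes: a bind-mounted path is checked against the container process's uid:gid and the directory's numeric owner, group and mode, exactly as the kernel does, with names like polkitd never entering the decision. It assumes GNU coreutils stat (for `stat -c '%u %g %a'`), assumes no user-namespace remapping (so uid 0 bypasses permission bits), and uses uid 999 and 65534 purely as illustrative values; the chown and docker run commands are only printed as suggestions, never executed.

```shell
#!/bin/sh
# Added example: decide from numeric ownership and mode alone whether a
# container process running as UID:GID could enter and write a bind mount.

# perm_bits OWNER_UID OWNER_GID MODE_OCTAL UID GID
# Prints the rwx bits (0-7) that apply to UID:GID: owner, group or other class.
perm_bits() {
    owner_uid=$1; owner_gid=$2; mode=$3; uid=$4; gid=$5
    if [ "$uid" -eq 0 ]; then
        echo 7                                  # root bypasses mode bits (assumes no userns remap)
    elif [ "$uid" -eq "$owner_uid" ]; then
        echo $(( (0$mode >> 6) & 7 ))           # owner class
    elif [ "$gid" -eq "$owner_gid" ]; then
        echo $(( (0$mode >> 3) & 7 ))           # group class
    else
        echo $(( 0$mode & 7 ))                  # other class
    fi
}

# can_write_dir OWNER_UID OWNER_GID MODE_OCTAL UID GID
# Succeeds (exit 0) if UID:GID has both write and execute (traverse) on the directory,
# which is what a database process needs to create files inside a data directory.
can_write_dir() {
    bits=$(perm_bits "$@")
    [ $(( bits & 3 )) -eq 3 ]
}

# check_path PATH UID GID
# Reads the numeric owner, group and mode of PATH (like "ls -ln" would show)
# and applies can_write_dir. Assumes GNU stat.
check_path() {
    path=$1; uid=$2; gid=$3
    stat_out=$(stat -c '%u %g %a' "$path") || return 2
    set -- $stat_out
    can_write_dir "$1" "$2" "$3" "$uid" "$gid"
}

# suggest_fix PATH UID GID
# Prints the two fixes the answer mentions; nothing is changed on disk.
suggest_fix() {
    echo "either: chown $2:$3 '$1'"
    echo "or:     docker run -u $(id -u):$(id -g) ... (only if the image tolerates a non-default user)"
}

# Demo on a constructed directory (no root required): mode 700 owned by the
# current user, mirroring "drwx------ polkitd root" from the question but with
# our own uid instead of 999.
demo() {
    d=$(mktemp -d)
    chmod 700 "$d"
    me=$(id -u); mg=$(id -g)
    if check_path "$d" "$me" "$mg"; then
        echo "uid $me:$mg can write $d"
    fi
    if ! check_path "$d" 999 999; then
        echo "uid 999:999 cannot write $d"
        suggest_fix "$d" 999 999
    fi
    rm -rf "$d"
}

# Run the demo only when executed directly, so the functions can be sourced.
case "$0" in
    *sh) ;;                     # sourced or run via "sh -c": do nothing
    *)   demo ;;
esac
```

Run `ls -ln` on the host path to get the same three numbers stat reports, then feed them to perm_bits to see which class the container's uid:gid falls into; when the result is not 7 (or at least w+x), the fix is to chown the host directory to that uid:gid, not to create a matching user name on the host.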