Docker makes it easy to share the host network and filesystem, but it doesn’t make it easy to share the host’s user ID and group ID. This is very useful when using a container locally on your desktop and sharing a volume where the container can write files, e.g. a micro dev environment like a shell that contains all required third-party dependencies so every dev has the same CLI tools. In that case it is useful for the files to have the same user ID and group ID as the user on the host.
Basically my technique is to create a non-root user in the groupadd), run the container in detached mode, docker exec to switch the non-root user to the host’s user and group IDs, docker exec to switch ownership of some files (this has only been necessary in some cases, such as for running docker in docker, when I have to switch ownership of /var/run/docker.socket) and finally docker exec into a shell. Details at my blog post Docker run: Mirror Host User - Sentian Cloud Computing Inc.
I’ve been using this for a couple of years and it works great, but it has been quite tricky to get right, and there are always edge cases. E.g. usermod -u HOST_UID will change the ID of the user in the container, but any files that were created from the Dockerfile for that user will have the original UID. This hasn’t been a problem for me, but I’m sure there are situations where it would be.
I’m not keen on mounting /etc/group as this shares way more info with the container than I want and may cause other issues (since you are replacing all user and group IDs!).
It seems there should be a much easier way to do this, like just an extra command line arg similar to --network host, e.g. docker run --match-host-user .... Since the docker engine shares the host’s kernel runtime, it seems technically feasible to build it into docker.
Any chance of this happening?
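The technique the post describes, written out as one shell script. This is an added example, not the author's own script and not taken from the linked blog post. Everything image-specific is an assumption: a non-root user named dev created with useradd/groupadd in the Dockerfile, shadow-utils (usermod/groupmod), GNU coreutils/findutils and bash inside the image, and the image name my-dev-image. It goes a little beyond the post in two places: it re-owns files that still carry the old UID/GID after usermod (the edge case mentioned above), and when the host GID already exists in the image it reuses that group instead of letting groupmod fail. Setting DOCKER=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): mirror the host user into a
# running container with docker exec. Hypothetical assumptions: the image has a
# non-root user "dev" (useradd/groupadd in the Dockerfile), shadow-utils, GNU
# coreutils/findutils (sleep infinity, find -user <numeric>) and bash.
set -eu

CONTAINER_USER="${CONTAINER_USER:-dev}"

# Runs inside the container as root via `sh -c`: $1=user $2=host uid $3=host gid.
REMAP_SCRIPT='
set -eu
user=$1; uid=$2; gid=$3
old_uid=$(id -u "$user"); old_gid=$(id -g "$user")
# Refuse to share a uid with another account that already exists in the image.
if getent passwd "$uid" >/dev/null && [ "$(id -un "$uid")" != "$user" ]; then
    echo "uid $uid is already taken by $(id -un "$uid")" >&2; exit 1
fi
# groupmod -g fails if the gid is already in use, so reuse such a group instead.
if getent group "$gid" >/dev/null; then
    usermod -g "$gid" "$user"
else
    groupmod -g "$gid" "$(id -gn "$user")"
fi
usermod -u "$uid" "$user"
# usermod -u only re-owns files under the home directory; files created by the
# Dockerfile elsewhere keep the original ids, so fix those too. -xdev keeps
# this off bind mounts, so nothing on the host volume is touched.
find / -xdev -user "$old_uid" -exec chown -h "$uid" {} +
find / -xdev -group "$old_gid" -exec chgrp -h "$gid" {} +
# Docker-in-docker: the socket is a bind mount, so this chown also changes the
# owner of the HOST socket, i.e. it hands that host user root-equivalent access.
if [ -S /var/run/docker.sock ]; then chown "$uid" /var/run/docker.sock; fi
'

# Host side: $1=container name $2=uid $3=gid $4=image. DOCKER=echo dry-runs it.
mirror_host_user() {
    name=$1; uid=$2; gid=$3; image=$4
    docker=${DOCKER:-docker}
    # Keepalive runs as root: usermod -u refuses to change a user that owns a
    # running process, which it would if the image's default USER ran sleep.
    "$docker" run -d -u root --name "$name" -v "$PWD:/work" -w /work \
        "$image" sleep infinity
    "$docker" exec -u root "$name" sh -c "$REMAP_SCRIPT" remap \
        "$CONTAINER_USER" "$uid" "$gid"
    # Interactive shell as the now host-matching user.
    "$docker" exec -it -u "$CONTAINER_USER" "$name" bash
}

# Only act when asked, so the file can also be sourced for its functions:
#   MIRROR_RUN=1 sh mirror-host-user.sh my-dev-image
if [ "${MIRROR_RUN:-0}" = 1 ]; then
    mirror_host_user "dev-shell-$$" "$(id -u)" "$(id -g)" "${1:-my-dev-image}"
fi
```

Files the container writes into /work now show up on the host owned by the invoking user, which is the whole point; the one host-side effect to watch is the docker socket chown, which the comment calls out.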