I’m seeing inconsistent behavior when running a container in Docker with volumes.
The issue seems to be explained in more detail here: Permission problems in bind mount in Docker Volume | techflare
Basically I have an alpine app with a user created that owns the container assets under /app. I have a volume exposed where the data should be written out.
If I run the container and let it run as the container’s root user it works fine but it creates the files owned by root, where my host user doesn’t have access to them.
If I run the container as a non-privileged user, then I get into a weird mess of UID hell.
```
$ id
uid=100(appuser) gid=100(users) groups=100(users)
$ ls -lh
-rwxr-xr-x 1 appuser users 11.5M Mar 22 16:04 config-generate
drwxr-sr-x 1 appuser users 4.0K Mar 22 16:04 config_files
drwxr-xr-x 2 5434 users 4.0K Mar 22 15:34 docker_overrides
drwxrw-rw- 3 5434 users 4.0K Mar 22 15:33 metricbeat
drwxr-sr-x 1 appuser users 4.0K Mar 22 16:04 mibs
drwxr-xr-x 2 root root 4.0K Mar 22 16:05 telegraf
$ cd metricbeat/
sh: cd: can't cd to metricbeat/: Permission denied
```
For context: telegraf and metricbeat are defined as VOLUME in the Dockerfile.
5434:users is the local user.
appuser:users is the container user.
My configuration:
```yaml
config:
  #command: "poller generate --outputFilter metricbeat"
  entrypoint: "sleep 9999"
  image: testing:latest
  network_mode: host
  env_file: .env
  volumes:
    - ./config_generate:/app/docker_overrides/
    - type: bind
      source: ./metricbeat
      target: /app/metricbeat
```
One idiotic non-portable solution is to hard-code the UID and GID of the local user into the container, which I’d rather not do. The user argument doesn’t seem to do anything for me. I tried adding this line:
user: "5434:100"
Now, I have found a solution where I can pass a flag to metricbeat to be more forgiving about UID matching, but is there a more intelligent way of doing this?
Ideally it would be nice if the mount/bind/volume would support a way to specify the UID/GID to match the values from the user flag.
Any ideas?
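
Added example (not part of the original post): the classic Unix owner/group/other check applied to the three directories in the listing above, showing which permission triplet applies to uid=100 gid=100 and why `cd metricbeat/` is refused (the group triplet `rw-` has no search bit). The function names and the octal modes transcribed from the `ls -lh` output are assumptions of this example; ACLs are ignored.

```shell
#!/bin/sh
# dir_perms MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Prints the rwx triplet that applies to the process for a directory.
dir_perms() {
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5
    shift_by=0                          # default: the "other" triplet
    if [ "$uid" = 0 ]; then
        echo rwx; return                # root (CAP_DAC_OVERRIDE) bypasses directory checks
    elif [ "$uid" = "$owner" ]; then
        shift_by=6                      # owner triplet; group and other are not consulted
    else
        for g in $gids; do
            if [ "$g" = "$group" ]; then shift_by=3; fi   # group triplet
        done
    fi
    bits=$(( (0$mode >> shift_by) & 7 ))   # leading 0 makes the mode octal
    out=
    if [ $(( bits & 4 )) -ne 0 ]; then out=${out}r; else out=${out}-; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out=${out}w; else out=${out}-; fi
    if [ $(( bits & 1 )) -ne 0 ]; then out=${out}x; else out=${out}-; fi
    echo "$out"
}

# explain NAME MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Entering a directory needs x; creating files in it needs w and x.
explain() {
    p=$(dir_perms "$2" "$3" "$4" "$5" "$6")
    case $p in ??x) enter=yes ;; *) enter=no ;; esac
    case $p in ?wx) create=yes ;; *) create=no ;; esac
    echo "$1: perms=$p enter=$enter create=$create"
}

# Constructed input, transcribed from the listing in the post:
# process is uid=100(appuser) gid=100(users); 5434 is the host user, 0 is root.
explain docker_overrides 755 5434 100 100 "100"
explain metricbeat       766 5434 100 100 "100"
explain telegraf         755 0    0   100 "100"
```
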