I’m seeing inconsistent behavior when running a container in Docker with volumes.
The issue seems to be explained in more detail here: Permission problems in bind mount in Docker Volume | techflare
Basically I have an alpine app with a user created that owns the container assets under /app. I have a volume exposed where the data should be written out.
If I run the container and let it run as the container’s root user it works fine but it creates the files owned by root, where my host user doesn’t have access to them.
If I run the container as a non-privileged user, then I get into a weird mess of UID hell.

```
id
uid=100(appuser) gid=100(users) groups=100(users)
ls -lh
-rwxr-xr-x 1 appuser users 11.5M Mar 22 16:04 config-generate
drwxr-sr-x 1 appuser users 4.0K Mar 22 16:04 config_files
drwxr-xr-x 2 5434 users 4.0K Mar 22 15:34 docker_overrides
drwxrw-rw- 3 5434 users 4.0K Mar 22 15:33 metricbeat
drwxr-sr-x 1 appuser users 4.0K Mar 22 16:04 mibs
drwxr-xr-x 2 root root 4.0K Mar 22 16:05 telegraf
cd metricbeat/
sh: cd: can't cd to metricbeat/: Permission denied
```

For context: telegraf and metricbeat are defined as VOLUME in the Dockerfile.
5434:users is the local user.
appuser:users is the container user.
config:

```
#command: "poller generate --outputFilter metricbeat"
entrypoint: "sleep 9999"
image: testing:latest
network_mode: host
env_file: .env
volumes:
  - ./config_generate:/app/docker_overrides/
  - type: bind
    source: ./metricbeat
    target: /app/metricbeat
```
One idiotic non-portable solution is to hard code the UID and GID of the local user into the container which I’d rather not do. The user argument doesn’t seem to do anything for me. I tried adding this line:
Now, I have found a solution where I can pass a flag to metricbeat to be more forgiving on UIDs matching but is there a more intelligent way of doing this?
Ideally it would be nice if the mount /bind/volume would support a way to specify the UID/GID to match the values from the user flag.
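
Why `cd metricbeat/` is denied in the listing above, as an added example that is not part of the original post: it applies the classic Unix owner/group/other check to the numeric owners and modes transcribed from the `id` and `ls -lh` output. The function names are hypothetical, and it assumes no ACLs or user-namespace remapping and that root is UID/GID 0.

```python
# Constructed from the `id` and `ls -lh` output in the post: name -> (mode, uid, gid).
# "users" resolves to gid 100 inside the container; root is assumed to be 0.
LISTING = {
    "config_files":     (0o2755, 100, 100),   # drwxr-sr-x appuser users
    "docker_overrides": (0o755, 5434, 100),   # drwxr-xr-x 5434    users
    "metricbeat":       (0o766, 5434, 100),   # drwxrw-rw- 5434    users
    "telegraf":         (0o755, 0, 0),        # drwxr-xr-x root    root
}

def dir_access(mode, st_uid, st_gid, proc_uid, proc_gids):
    """Evaluate classic Unix permission bits for a directory (no ACLs, no userns)."""
    if proc_uid == 0:
        # Root with CAP_DAC_OVERRIDE bypasses the mode bits entirely.
        return {"class": "root", "list": True, "traverse": True, "create": True}
    # Exactly one class applies: owner first, then group, then other.
    if proc_uid == st_uid:
        cls, shift = "owner", 6
    elif st_gid in proc_gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    bits = (mode >> shift) & 0o7
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    # Creating files needs write AND search (x) on the directory; cd needs x.
    return {"class": cls, "list": r, "traverse": x, "create": w and x}

def report(proc_uid, proc_gids):
    """Access summary for every directory in LISTING for the given identity."""
    return {name: dir_access(m, u, g, proc_uid, proc_gids)
            for name, (m, u, g) in LISTING.items()}

if __name__ == "__main__":
    identities = [("appuser 100:100", 100, {100}),
                  ("host user 5434:100", 5434, {100}),
                  ("root 0:0", 0, {0})]
    for label, uid, gids in identities:
        print(label)
        for name, res in report(uid, gids).items():
            print(f"  {name:17} {res}")
```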