I’m currently trying to understand & implement the userns remapping feature…so the basics are clear to me:
I have an entry in /etc/subuid & /etc/subgid that looks like:
So my own user on the host is mapped to the root user in the docker container…so far so good.
The problem I have is: what happens when I have a container running that has a dedicated user? So e.g. I have a container that runs an application on tomcat, so there is a tomcat user (uid & gid = 1001) in the container.
When adding a volume mount I still want the permissions of the folder to be set to the tomcat user and not to root. So basically I want the user remap just to affect containers that are running as root, everything else should be mapped 1:1 as before:
UID 1000 (Host) maps to UID 0 (Container)
UID 1001 (Host) maps to UID 1001 (Container)
UID 1002 (Host) maps to UID 1002 (Container)
Is this possible? Or can I really just map 1 user per docker daemon?
I tried a lot of things, but either the permissions in the container are set to root or to nobody (and are not accessible at all).
I’m using docker version 18.03 on Ubuntu 16.04.4
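
The mapping arithmetic behind the question, as an added example that is not part of the original post: it models how subordinate-ID ranges for one remap user are laid end to end into a user-namespace UID map, and why a host UID outside every range shows up as nobody inside the container. The user name `dockremap` and all numbers in the sample are constructed, and the code assumes the ranges are applied in the order listed.

```python
# Added illustration: models the layout of /proc/<pid>/uid_map, it is not Docker's code.
OVERFLOW_UID = 65534  # kernel default overflow UID, displayed as "nobody"

# Constructed sample in /etc/subuid format (name:start:count).
# Hypothetical values, not the poster's actual entry.
SAMPLE_SUBUID = """\
dockremap:1000:1
dockremap:100000:65536
otheruser:200000:65536
"""

def parse_subid(text, user):
    """Return [(host_start, count), ...] for `user`, in file order."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append((int(start), int(count)))
    return ranges

def build_uid_map(ranges):
    """Lay ranges end to end from container ID 0: (container_start, host_start, count)."""
    uid_map, next_cid = [], 0
    for host_start, count in ranges[:5]:  # Docker's docs: only the first five are used
        uid_map.append((next_cid, host_start, count))
        next_cid += count
    return uid_map

def container_to_host(uid_map, cuid):
    """Host UID that owns files written by container UID `cuid`, or None if unmapped."""
    for cstart, hstart, count in uid_map:
        if cstart <= cuid < cstart + count:
            return hstart + (cuid - cstart)
    return None

def host_to_container(uid_map, huid):
    """UID the container sees for a host-owned file; unmapped owners appear as nobody."""
    for cstart, hstart, count in uid_map:
        if hstart <= huid < hstart + count:
            return cstart + (huid - hstart)
    return OVERFLOW_UID

if __name__ == "__main__":
    m = build_uid_map(parse_subid(SAMPLE_SUBUID, "dockremap"))
    for cuid in (0, 1001, 1002):
        print(f"container {cuid} -> host {container_to_host(m, cuid)}")
```

With this sample, container UID 0 lands on host UID 1000, but container UID 1001 lands on host UID 101000, and a bind-mounted folder owned by host UID 1001 is seen inside the container as 65534 (nobody).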