https://denibertovic.com/posts/handling-permissions-with-docker-volumes/
The expression between the back ticks gets interpolated
$ id -u $USER
1000
Himanshu • a year ago
Basti Tee • 10 months ago
Thanks for the very useful article.
If one wants to bake-in the new user at build time then --build-args can be leveraged.
Assuming current user (who's building the docker image) is 'bob' having UID=103
Goal is to create docker image having user 'jdoe' with same UID=103
================================================================
$ cat Dockerfile
# OR whatever
FROM centos:7
ARG USER_ID
RUN useradd --shell /bin/bash -o --create-home --user-group -u $USER_ID jdoe
================================================================
Build
------
$ docker build -t my-base-image --build-arg USER_ID=`id -u $USER` .
================================================================
Run
-----
$ docker run -it -u jdoe my-base-image
[jdoe@a1b2c3f4 /]$ id -u jdoe
103
================================================================
Hi Deni,
I think this can (now) be solved without any additional scripts. Just mount your /etc/group and /etc/passwd readonly to your container like:
docker run -ti \
    -v /etc/group:/etc/group:ro -v /etc/passwd:/etc/passwd:ro \
    -u $( id -u $USER ):$( id -g $USER ) \
    some-image:latest bash
Notice also the usage of "id -g" and "id -u" which will also solve the group issue. This method has only one drawback: If any script or application tries to write-access /etc/group or /etc/passwd it will fail due to permissions. But at least for my use-cases I never ran into issues here.
Best regards and thanks for your ideas on that.
Basti.
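
A preflight for the read-only /etc/passwd and /etc/group mount described in the comment above, as an added example that is not part of the original comments. The function names `has_id` and `docker_user_args` are hypothetical, refusing uid 0 is an assumed policy, and the passwd/group files it runs against are constructed samples.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# has_id FILE ID: succeed if field 3 (the numeric id) of some line in FILE equals ID.
has_id() {
    awk -F: -v id="$2" '$3 == id { found = 1 } END { exit !found }' "$1"
}

# docker_user_args UID GID [PASSWD_FILE] [GROUP_FILE]
# Prints the -u and -v options for docker run, or returns non-zero with a reason.
docker_user_args() {
    uid=$1 gid=$2 passwd_file=${3:-/etc/passwd} group_file=${4:-/etc/group}
    for n in "$uid" "$gid"; do
        case "$n" in
            ''|*[!0-9]*) echo "uid and gid must be numeric: '$n'" >&2; return 2 ;;
        esac
    done
    # Assumed policy: uid 0 would run the container process as root.
    if [ "$uid" -eq 0 ]; then
        echo "refusing uid 0" >&2; return 3
    fi
    # Accounts served by LDAP/SSSD are not in /etc/passwd, so the mount
    # would not give the container a name for them.
    if ! has_id "$passwd_file" "$uid"; then
        echo "uid $uid has no entry in $passwd_file" >&2; return 4
    fi
    if ! has_id "$group_file" "$gid"; then
        echo "gid $gid has no entry in $group_file" >&2; return 5
    fi
    echo "-u $uid:$gid -v $passwd_file:/etc/passwd:ro -v $group_file:/etc/group:ro"
}

# Constructed sample files so the checks can be run without Docker.
demo_dir=$(mktemp -d)
printf 'bob:x:1000:1000::/home/bob:/bin/sh\n' > "$demo_dir/passwd"
printf 'bob:x:1000:\n' > "$demo_dir/group"
docker_user_args 1000 1000 "$demo_dir/passwd" "$demo_dir/group"
docker_user_args 2001 1000 "$demo_dir/passwd" "$demo_dir/group" || echo "rejected, rc=$?"
rm -rf "$demo_dir"

# Against the real host files:
#   docker run -ti $(docker_user_args "$(id -u)" "$(id -g)") some-image:latest bash
```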