Closed kdrobnyh closed 1 year ago
Hi @kdrobnyh I expect `docker --user` to work, according to this article https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15
Could it be that you ran a docker container using root privileges, and then you ran the docker container with your own user, but on the same shared files?
@bugy, thanks for the quick response! No, it's not possible. I believe the reason is that `/app` and `/app/conf` folders are not writable for non-root user (`/app` has 755, `/app/conf` has 775 permissions). And when I run the container using `--user UID:GID`, this user does not have write access there.
Got it, thank you. Unfortunately, I won't be able to work on this feature in the nearest future. If you want/have time, feel free to create a pull request for it.
@kdrobnyh - which installation are you using? You may be able to compose filesystem permission overrides into the container, so that user permissions do work.
@MNeill73, that was actually helpful, thank you!
My use case: I want to be able to call scripts on the host system from a docker container (script-server), and it looks like the easiest way to do it is to ssh to the host and call a script. And ssh does not work without an explicitly created user inside of the docker container.
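Solution: For now I decided to build a docker image on top of script-server.
Dockerfile:
```dockerfile
FROM bugy/script-server:latest
# Name and numeric IDs of the non-root user; override with build args
ARG UNAME=noroot
ARG UID=1000
ARG GID=1000
RUN apt-get update && apt-get install -y openssh-client
# -o allows the GID to be reused if a group with that number already exists
RUN groupadd -g $GID -o $UNAME
# Create the user with /app/home as its home directory (needed by ssh)
RUN useradd -d /app/home -m -u $UID -g $GID -s /bin/bash $UNAME
# Hand /app and /app/conf (not their contents) to the new user
RUN chown $UID:$GID /app
RUN chown $UID:$GID /app/conf
# Make the application sources readable by other users
RUN chmod -R o+r /app/src
USER $UNAME
```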
docker-compose.yml:
```yaml
version: "3.6"
services:
  scriptserver:
    build:
      context: .
      args:
        UID: 1200
        GID: 1200
    container_name: scriptserver
    volumes:
      - "./config.json:/app/conf/conf.json"
      - "./runners:/app/conf/runners"
      - "./scripts:/app/scripts"
      - "./ssh:/app/home/.ssh"
    ports:
      - 8000:8000
    networks:
      - scriptserver
    extra_hosts:
      - "host.docker.internal:host-gateway"
    restart: unless-stopped
networks:
  scriptserver:
    driver: bridge
```
I'd just close the issue and leave my solution here for possible future references.
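An added example, not part of the thread or of script-server: a preflight check that applies the POSIX owner/group/other rule to the modes quoted above (755 on `/app`, 775 on `/app/conf`) to show why `--user 1200:1200` gets permission denied and why the `chown` lines fix it. The `Entry` type, the function names, and the root:root ownership of the sample entries are assumptions made for this example.

```python
import os
import stat
import sys
from typing import Iterable, List, NamedTuple, Set


class Entry(NamedTuple):
    path: str
    owner_uid: int
    owner_gid: int
    mode: int  # permission bits only, e.g. 0o755


def can_create_in(entry: Entry, uid: int, gids: Set[int]) -> bool:
    """True if uid/gids may create files in the directory described by entry.

    POSIX picks exactly one class (owner, else group, else other); creating
    an entry needs both write and search (x) on the directory. ACLs,
    read-only mounts and user-namespace remapping are not modelled.
    """
    if uid == 0:
        return True  # root normally bypasses mode bits (CAP_DAC_OVERRIDE)
    if uid == entry.owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif entry.owner_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return entry.mode & need == need


def stat_entry(path: str) -> Entry:
    st = os.stat(path)
    return Entry(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


def unwritable(entries: Iterable[Entry], uid: int, gids: Set[int]) -> List[str]:
    return [e.path for e in entries if not can_create_in(e, uid, gids)]


# Constructed samples: modes from the thread, root:root ownership assumed.
IMAGE_DEFAULT = [Entry("/app", 0, 0, 0o755), Entry("/app/conf", 0, 0, 0o775)]
AFTER_CHOWN = [Entry("/app", 1200, 1200, 0o755), Entry("/app/conf", 1200, 1200, 0o775)]

if __name__ == "__main__":
    # Usage: python3 check.py UID GID PATH...   (real directories are stat()ed)
    uid, gid = int(sys.argv[1]), int(sys.argv[2])
    bad = unwritable(map(stat_entry, sys.argv[3:]), uid, {gid})
    print("not writable:", bad or "none")
    sys.exit(1 if bad else 0)
```

On Linux, bind-mounted directories such as `./runners` and `./ssh` keep the host's numeric ownership inside the container, so they are worth passing to the same check with the UID and GID the container will run as.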
Is it possible to allow custom setup for UID/GID in a docker container? E.g., linuxserver.io uses these. I just tried a rootless docker with a custom user, got a lot of permission denied errors (can't create logs, temp, schedules folders).