default user ID?

[tiborsimko]

I noticed that the CMSSW standalone container runs as cmsuser with ID 501:

$ docker run -i -t --rm clelange/cmssw:5_3_32 /usr/bin/id
uid=501(cmsusr) gid=501(cmsusr) groups=501(cmsusr)

This creates some permission issues when running the container in a laptop development kind of situation when my local disk is mounted as a volume to the running process.

Is the cmsuser necessary?

• If yes, could the user ID be set to 1000? This is equal to the first user ID of a Linux system, making development easier when sharing volumes and writing files from inside and outside the container. This is what we usually do in our various projects, for example:

$ grep reanauser Dockerfile 
RUN adduser --uid 1000 --disabled-password --gecos '' reanauser && \
    chown -R reanauser:reanauser /code
USER reanauser
$ docker run -i -t --rm reanahub/reana-job-controller /usr/bin/id
uid=1000(reanauser) gid=1000(reanauser) groups=1000(reanauser)

• If not, what about keeping some root rights?

$ grep -A1 invenio Dockerfile 
RUN adduser --uid 1000 invenio --gid 0 && \
    chown -R invenio:root /code
USER 1000
$ docker run -i -t --rm cernopendata/web /usr/bin/id
uid=1000(invenio) gid=0(root) groups=0(root)

This would make running things easier both locally and on K8s.

[clelange]

Hi @tiborsimko - thanks for raising this issue! I've set the user ID for cmsusr to 1000 in #5. cmsusr is not strictly necessary, but it's better to have a non-root user to avoid possible issues on the host system. I'm now cheating a bit at the moment by making cmsusr a sudoer. During development, I think this is OK. What do you think?