docker / roadmap

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.
https://github.com/orgs/docker/projects/51
Creative Commons Zero v1.0 Universal

Allow control of user and permissions on bind mounts #398

Open dwt opened 2 years ago

dwt commented 2 years ago

Tell us about your request
I want to be able to mount volumes, especially bind mounts, with custom permissions in the container.

Which service(s) is this request for?
docker and docker compose

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
This should allow me to share files (~/.ssh, but also source code of apps I am working on) with a custom user in the container without having to ensure that its IDs match what is used outside the container. (As matching IDs can be really hard for dev containers that are used across a range of systems.)

Are you currently working around the issue?
I am aware of several workarounds, none of which quite suits my needs.

  1. Stop using custom users in the container, then bind mount the data to /tmp/something, and use an ENTRYPOINT script to copy the data to the final place and chown and chmod it there. This works to some degree, but is unsuitable if the data in the bind mount changes, or a custom user is wanted in the container.
  2. Ensure the custom user in the container matches the uid and gid of the user outside the container. That way the bind mounts present their permissions correctly in the container. This however is hard if the container is used on a large variety of machines, as is customary for development containers. As there is (to my knowledge) no custom tooling in place in docker compose or docker to make this easy, it requires custom tooling around those tools to ensure that UID mapping works, which makes it a clunky workaround.
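
Workaround 2 above, sketched as an added example (not code from this issue or from Docker): an entrypoint that starts as root, remaps the container user to the uid/gid that owns the bind mount, then drops privileges. The user name `dev`, the mount path `/workspace`, and the presence of GNU `stat`, `usermod`/`groupmod` and `setpriv` in the image are assumptions.

```shell
#!/bin/sh
# Added example: align the container user with the owner of a bind mount.
# Assumed (not from the issue): user "dev", mount at /workspace, image ships
# GNU stat, usermod/groupmod (shadow) and setpriv (util-linux).
APP_USER="${APP_USER:-dev}"
MOUNT_DIR="${MOUNT_DIR:-/workspace}"

# Print "uid:gid" of a path's owner as seen from inside the container.
mount_owner() {
    stat -c '%u:%g' "$1"
}

# Given the mount owner and the user's current ids (both "uid:gid"),
# print one of: keep | remap | refuse
remap_decision() {
    owner="$1"; current="$2"
    case "$owner" in
        *[!0-9:]*|*:*:*|:*|*:) echo refuse; return 0 ;;  # malformed input
        *:*) ;;                                           # one colon, digits only
        *) echo refuse; return 0 ;;                       # empty or no colon
    esac
    uid="${owner%%:*}"; gid="${owner##*:}"
    # Never turn the unprivileged user into root or a member of the root group.
    if [ "$uid" -eq 0 ] || [ "$gid" -eq 0 ]; then echo refuse
    elif [ "$owner" = "$current" ]; then echo keep
    else echo remap
    fi
}

entrypoint_main() {
    owner="$(mount_owner "$MOUNT_DIR")"
    current="$(id -u "$APP_USER"):$(id -g "$APP_USER")"
    case "$(remap_decision "$owner" "$current")" in
        refuse)
            echo "refusing to map $APP_USER to $owner (owner of $MOUNT_DIR)" >&2
            exit 1 ;;
        remap)
            # -o permits an id that already exists in the image.
            groupmod -o -g "${owner##*:}" "$(id -gn "$APP_USER")"
            usermod -o -u "${owner%%:*}" "$APP_USER" ;;
    esac
    # Drop root before handing over to the real command.
    exec setpriv --reuid="$(id -u "$APP_USER")" --regid="$(id -g "$APP_USER")" \
        --init-groups "$@"
}

# Run only when a command is passed (ENTRYPOINT plus CMD).
if [ "$#" -gt 0 ]; then entrypoint_main "$@"; fi
```

This still has to be built into every image and started as root, which is the custom tooling the request wants to avoid.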

dwt commented 2 years ago

I like this write-up that goes over more details of some of the available workarounds. It doesn't exactly mention their weaknesses, but AFAIK none of them are achievable with just plain docker-compose usage.

https://techflare.blog/permission-problems-in-bind-mount-in-docker-volume/

g-kartik commented 8 months ago

Are there any plans to develop this feature?

StayPirate commented 4 months ago

I'm interested too, is there any update on this?

codyswanner commented 4 months ago

I arrived here because I'm having a problem where when my containers are active, I cannot edit the files that are part of my bind mount without using sudo, which is a big problem for working in VSCode that doesn't have sudo permissions. I'm using an rshared bind mount so that a webpack development script in my node container can watch for changes in files and compile a new script based on changes.