This is a quick example to test the suggestion at this post: we want to build a container with a particular user and group id, and then run it. We will bind a directory in the present working directory to write files to, and check that they are owned by the building user.
The caveat to this approach is that you would likely have to build the container each time for a new user id.
The first step is to build the container, and we will map our group and user id:
$ docker build -t docker-permissions --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g) .
Let's now run an interactive shell in the container, and check who we are! We will mount a local directory to test writing files.
$ mkdir -p files
$ docker run -it --rm --mount "type=bind,src=$(pwd)/files,dst=/opt/files" --workdir /opt/files docker-permissions bash
Let's check who we are!
$ whoami
squidward
$ echo $(id -u)
1000
$ echo $(id -g)
1000
If a user has a similar host setup and is the default first user on their system, then you could be in luck because Linux automatically assigns this id.
Next let's try creating files in the container to see what happens.
$ touch squidwards-file.txt
$ mkdir squidwards-folder
And peek at permissions:
$ ls -l
total 4
-rw-r--r-- 1 squidward squidward 0 Feb 12 18:18 squidwards-file.txt
drwxr-xr-x 2 squidward squidward 4096 Feb 12 18:19 squidwards-folder
And now exit the container:
$ exit
Do the same on the host to check permissions on the mounted folder. Do the files belong to my user (let's say my username is dinosaur)?
$ ls -l files/
total 4
-rw-r--r-- 1 dinosaur dinosaur 0 Feb 12 11:18 squidwards-file.txt
drwxr-xr-x 2 dinosaur dinosaur 4096 Feb 12 11:19 squidwards-folder
Success! I can delete or otherwise interact with these files now without getting a "Permission denied."
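
The two listings above show different names (squidward in the container, dinosaur on the host) for the same files, because ownership is stored as numeric ids and each side resolves names from its own user database. An added example, not part of the original post, that checks a bind-mounted directory by numeric uid:gid instead of by name; the function names are hypothetical, and `-uid`/`-gid` assume GNU or BSD find.

```shell
#!/bin/sh
# Added example: verify bind-mount ownership by numeric uid:gid.
# Function names are hypothetical; -uid/-gid assume GNU or BSD find.

# List (numerically, via ls -n) every path under DIR whose uid or gid
# differs from the expected pair. Prints nothing when all paths match.
mismatched_paths() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -exec ls -ldn {} +
}

# check_mount_ownership DIR [UID] [GID]
# Defaults to the calling user's ids, the same values passed to the build
# as USER_ID and GROUP_ID. Returns 0 = all match, 1 = mismatch, 2 = bad DIR.
check_mount_ownership() {
    local dir="$1" uid="${2:-$(id -u)}" gid="${3:-$(id -g)}" bad
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    bad=$(mismatched_paths "$dir" "$uid" "$gid")
    if [ -n "$bad" ]; then
        echo "paths under $dir not owned by $uid:$gid:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    echo "all paths under $dir are owned by $uid:$gid"
}

# Usage on the host, after exiting the container:
#   check_mount_ownership ./files
```

A mismatch here typically means the image was built with a different USER_ID or GROUP_ID than the user now running it, which is the rebuild caveat noted at the top.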
Let's say we have a more robust application, and want to do the above with docker compose. You can use the docker-compose.yml file included and then build the container providing the group and user id:
$ docker-compose build --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g)
$ docker-compose up -d
Creating network "docker-permissions_default" with the default driver
Creating docker-permissions_permissions_1 ... done
Check that it's running ok:
$ docker-compose ps
              Name                  Command    State   Ports
------------------------------------------------------------
docker-permissions_permissions_1   /bin/bash   Up
And then shell into the container to see if the files are still owned by squidward.
$ ls -l .
total 4
-rw-r--r-- 1 squidward squidward 0 Feb 12 18:21 squidwards-file.txt
drwxr-xr-x 2 squidward squidward 4096 Feb 12 18:19 squidwards-folder
Seems to work the same!