Managing Docker volume mount permissions with fixuid

I know how to use the command fixuid, so I'll share it.

Problem

If you mount a volume from the host with docker/docker-compose and write files to it, the files are written as root. Alternatively, there is no user on the host side that corresponds to the user created in the container. Or, even if you pass the host user's UID/GID to docker run, that user then does not exist in the container.

The root of the problem

The system used for docker build is not always the same as the one used for docker run, so the user ID and group ID differ.

Workaround

Roughly like this:

make_env.sh


#!/bin/sh

# Quick and dirty. If you can create .env some other way, you don't need this script.
touch .env
echo "UID=$(id -u "$USER")" >> .env
echo "GID=$(id -g "$USER")" >> .env
echo "UNAME=$USER" >> .env

Dockerfile

...
# Pick whatever user name you like
RUN useradd hoge
# The setuid bit only helps if root owns the binary, hence the chown
RUN USER=hoge && \
    GROUP=hoge && \
    curl -SsL https://github.com/boxboat/fixuid/releases/download/v0.5/fixuid-0.5-linux-amd64.tar.gz | tar -C /usr/local/bin -xzf - && \
    chown root:root /usr/local/bin/fixuid && \
    chmod 4755 /usr/local/bin/fixuid && \
    mkdir -p /etc/fixuid && \
    printf "user: $USER\ngroup: $GROUP\n" > /etc/fixuid/config.yml
# Up to here, everything runs as root
# From here on, as the hoge user
USER hoge:hoge

ENTRYPOINT ["fixuid"]
# If the image already has its own ENTRYPOINT, prepend fixuid to it (like unshift), e.g.
# ENTRYPOINT ["fixuid", "docker-php-entrypoint"]

docker-compose.yml


hoge:
  image: php:latest
  user: "${UID}:${GID}" # <= read from .env
  volumes:
    - ....

How to use

# Each person who uses it runs this once, the first time, to generate .env
./make_env.sh

# After that, use docker-compose as usual
docker-compose up -d

Principle

- Create the user at build time, following Dockerfile best practices. At this point there is no guarantee that the UID/GID will match the runtime.
- The UID/GID of a Linux user can be rewritten. fixuid does that and then executes the command you passed.
- An executable file with 4xxx permissions (the setuid bit) runs with the privileges of the file's owner. fixuid uses this to change the uid without sudo.
- It also does other things, such as rewriting $HOME.
- At docker run time, the uid/gid of the host-side user is passed in from outside, so the uid/gid recorded in the file system match between host and guest.
- .env is the means of passing them in. docker-compose reads .env.
- The uid/gid are obtained with the id command.
- Since the uid/gid match, files can be read properly from both host and guest!
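
The remap step from the list above, as an added example: a simplified POSIX sh model, not fixuid's code and not from the original post, that rewrites one user's UID/GID in copies of passwd and group files. The function name `remap_user`, the sample ids 1234:1234 and the refusal to reuse another account's uid are assumptions of this example.

```shell
#!/bin/sh
# Simplified model of the remap step (not fixuid's code). It edits copies of
# passwd/group files, never /etc. All names and ids below are constructed.

# remap_user PASSWD GROUP USER NEW_UID NEW_GID
# Prints the old "uid:gid" so a caller could chown files owned by the old ids.
remap_user() {
    passwd_file=$1; group_file=$2; user=$3; new_uid=$4; new_gid=$5

    for n in "$new_uid" "$new_gid"; do        # accept plain decimal ids only
        case $n in ''|*[!0-9]*) echo "ids must be numeric" >&2; return 2 ;; esac
    done

    old=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4 }' "$passwd_file")
    [ -n "$old" ] || { echo "no such user: $user" >&2; return 1; }
    old_gid=${old#*:}

    # Guard chosen for this model: never take over a uid that belongs to another
    # account (uid 0 in particular, e.g. when .env was generated under sudo).
    if awk -F: -v u="$user" -v id="$new_uid" \
        '$1 != u && $3 == id { hit = 1 } END { exit !hit }' "$passwd_file"; then
        echo "uid $new_uid already belongs to another account" >&2; return 3
    fi

    tmp=$(mktemp) || return 1
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    awk -F: -v OFS=: -v u="$user" -v nu="$new_uid" -v ng="$new_gid" \
        '$1 == u { $3 = nu; $4 = ng } { print }' "$passwd_file" > "$tmp" &&
        cat "$tmp" > "$passwd_file"
    # group fields: name:pw:gid:members (only the user's primary group moves)
    awk -F: -v OFS=: -v og="$old_gid" -v ng="$new_gid" \
        '$3 == og { $3 = ng } { print }' "$group_file" > "$tmp" &&
        cat "$tmp" > "$group_file"
    rm -f "$tmp"
    printf '%s\n' "$old"
}

# Constructed sample: the image was built with hoge=1000:1000, the host user
# starting the container is 1234:1234 (what `user: "${UID}:${GID}"` passes in).
work=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\nhoge:x:1000:1000::/home/hoge:/bin/sh\n' > "$work/passwd"
printf 'root:x:0:\nhoge:x:1000:\n' > "$work/group"
old_ids=$(remap_user "$work/passwd" "$work/group" hoge 1234 1234)
echo "old ids: $old_ids"
cat "$work/passwd" "$work/group"
```

fixuid's own README scopes the tool to development containers: the image carries a setuid-root binary, so it does not belong in production images.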
