I'm trying to run a Docker container with a custom-made image, with a given user. I have an `entrypoint.sh` that can change the running user according to an environment variable provided at the Docker command line, with `-e USER=myuser`.

I have the very same user in the host machine. This can be done in different host machines, and I can ensure this user exists in any host we use. But I'm having trouble because I cannot ensure that the numerical id for this user is always the same (say 1001). At the Docker container execution command line I mount some local folders with `-v <src>:<tgt>`, and the application in the container creates additional folders and files in `<tgt>`.

The problem is that although the user in the host and the container have the same name (say myuser), the numerical id for it can change (say e.g. 5000 in the host and 1001 in the container), so I get problems when reading files and folders under the mounted path.

What is the best solution to ensure that, at execution time, not only the user name but also the user id is the same in the host and in the running container?

EDIT

I see I did not explain myself AT ALL, and mixed things. I will try to explain my problem again:

  1. I did create a Linux-based image, and in this image I: a) installed a set of packages as root; b) created a certain user myuser, and switched to that user with `USER <usr>` in the Dockerfile; and c) copied my own software and installed it in the image, as the user myuser, and this software must be executed by that user.

  2. I created the very same user myuser in another machine.

  3. I launched a container from this image, in another machine, and shared some folders (owned by the user myuser) from the host file system with that container.

The problem appeared because the numerical id for the user myuser was 1001 in the Docker image, and 5000 in the other host, when the container was executed.

One solution would be to force the numerical id to be the same any time the user gets created in any host machine. The problem is that I cannot be sure this will always be possible in the host that runs the images.

J C Gonzalez

2 Answers

You should specify the user in the Dockerfile with the `USER` command. The option `-e USER=myuser` will create an environment variable, but it doesn't change the user by default.

Reference: https://docs.docker.com/engine/reference/builder/#user

Rodrigo Brito

If you are using a Linux-based image (say Ubuntu, for example), in your Dockerfile you will need something like:

```sh
sudo addgroup --gid 3000 mygroupname && \
sudo adduser --uid 4000 --gid 3000 --disabled-password --gecos "" myusername
```

  1. I'm using 3000 and 4000 just as examples. They can both be same number if you want them to be.
  2. Whether to disable password or not depends on what you want to do with the user.
  3. gecos is for setting full name, room number, work phone etc for the user. We are setting them all to be blank. You can definitely set them to something more useful if you want to.

You will have to switch to that user and maybe use that user's home directory as your work directory. Lines in Dockerfile would be:

```dockerfile
USER myusername
WORKDIR /home/myusername
```

Phani Kandula
  • Thanks, I do this, of course. The problem is that I get different numerical ids in the image and the host machine. One solution would be to force these ids to be the same, but I cannot ensure this for the host machines (see my edit in the question, since I did not explain myself in the first place). – J C Gonzalez Sep 17 '18 at 07:53
  • @JCGonzalez curious, why did you accept this answer if it hard-codes the `uid`? Isn't the issue that you want to be able to dynamically set it based on the host? Or did you find hardcoding it was the only way to make it work? – ecoe Mar 06 '23 at 15:30
  • I found hardcoding was the only way in my case, but the question is a bit old and perhaps now there is another mechanism possible. – J C Gonzalez Mar 21 '23 at 12:58
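
A runtime alternative to hard-coding the ids, as an added example that is not from any poster in this thread: an entrypoint that starts as root, reads the numeric owner of the bind mount, remaps the image user to it, and then drops privileges before running the application. It assumes the image does not end with `USER myuser` (the entrypoint must start as root) and that `usermod`, `groupmod` and `setpriv` are installed; `APP_USER`, `APP_GROUP`, `DATA_DIR`, `HOST_UID` and `HOST_GID` are hypothetical names.

```sh
#!/bin/sh
# Added example entrypoint: match the container user's numeric ids to the
# owner of a bind-mounted directory, then drop root before running the app.
# APP_USER, APP_GROUP, DATA_DIR, HOST_UID and HOST_GID are hypothetical names.
APP_USER="${APP_USER:-myuser}"
APP_GROUP="${APP_GROUP:-$APP_USER}"
DATA_DIR="${DATA_DIR:-/data}"

# Print "uid:gid" to run as. Explicit HOST_UID/HOST_GID win; otherwise use the
# numeric owner of the mount, which is the host user's id as the kernel sees it.
target_ids() {
    t_uid="${HOST_UID:-$(stat -c '%u' "$1")}" || return 1
    t_gid="${HOST_GID:-$(stat -c '%g' "$1")}" || return 1
    printf '%s:%s\n' "$t_uid" "$t_gid"
}

# Accept only decimal "uid:gid" and never 0: a root-owned mount or a stray
# HOST_UID=0 must not turn the application into a root process.
valid_ids() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    v_uid="${1%%:*}"; v_gid="${1#*:}"
    case "$v_uid" in ''|*[!0-9]*) return 1 ;; esac
    case "$v_gid" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v_uid" -ne 0 ] && [ "$v_gid" -ne 0 ]
}

main() {
    set -eu
    ids="$(target_ids "$DATA_DIR")" || { echo "cannot stat $DATA_DIR" >&2; exit 1; }
    valid_ids "$ids" || { echo "refusing to run as '$ids'" >&2; exit 1; }
    uid="${ids%%:*}"; gid="${ids#*:}"
    # -o allows the number even if another account in the image already has it.
    groupmod -o -g "$gid" "$APP_GROUP"
    # usermod also re-owns the files this user owns inside its home directory.
    usermod -o -u "$uid" -g "$gid" "$APP_USER"
    # Replace this root shell with the application under the remapped ids.
    exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
}

# Run only when given a command to exec (the image's CMD or docker run args).
if [ "$#" -gt 0 ]; then main "$@"; fi
```

When the application does not need a passwd entry or home directory for the host id, `docker run --user "$(id -u):$(id -g)"` gives the same file ownership on the mount without any root phase.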