-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: CLI flag for running container as the current user #3498
Comments
Thanks for opening this ticket; generally, I can see this being useful (especially for development situations) I want to discuss with other maintainers on the design/feature. I was also considering if we add this feature if it would perhaps make sense to define a special case for this on the Of course if we go that route, we need to think of that "special" value, and make sure it doesn't (easily) conflict with actual names that someone could use), e.g. --user=current
--user=current-user
--user=keep I think BuildKit uses --user=local |
/cc @ndeloof @rumpl @tonistiigi perhaps you have ideas as well |
I like this feature and would like we align with buildx and compose on this topic. |
Yes, I like |
We should also think about possible combinations of |
Thanks for the suggestion! I didn't think about extending the I also find the value I've updated my pull request: #3499. Or should I rather close it and open a new one with a new description? |
No, it's perfectly fine to continue on the existing PR; we can review the changes, and make updates on it while we come to consensus on design. |
Should we consider that I'd prefer a solution that clearly communicates that we have a special "username" / "username:group" value here. |
@albers I also think this would be better this feature is triggered by some special syntax that can't conflict with an actual user name. |
Yes, it's tricky; to detect if there's a conflict we'd have to create the container first to check if there's a user with that name inside the container. |
so we need to define this special value as something that can't be a user name by POSIX standard. |
@thaJeztah My concerns are not about a user in the continer. I was thinking about a user "Fred Current" with the user name "current" trying to issue I'm against overloading specific legal argument values with special meanings. If an option triggers an alternative operating mode of a command, that fact should be made obvious by a distinct syntax variant. |
I'm not against a new |
The simplest solution without introducing a new flag would be treating The Also, which do you think would be better: |
|
IMHO, an option should either be boolean or have a value. Mixing both concepts leads to user interfaces that are hard to comprehend. |
It's probably by design, due to that ambiguity - if I was to execute
It would likely require handling on the GUI side in a way that wouldn't directly correspond to the CLI parameter, which is a bit messy. As for the shell completion - to be honest, I don't know. 😂 I initially liked the idea of reusing |
There are many use cases where Docker containers are used as development environments to bundle dependencies and provide consistent development experience. Docker daemon uses such an approach as well). In order to allow developers to modify the files in the IDE outside the container, the project’s working directory is often mounted inside the container like this:
$ docker run -v $(pwd):/mount my_container /bin/bash
However, this creates a problem where all the files, created by the process inside the container, are owned by this process’ user, which is often root. Removing root-owned files from the project directory requires juggling
sudo
commands around and is tedious in general.Often it’s not even necessary to run the containerized process as root at all, and the following command can be executed to run it as the current user:
However, this is cumbersome to type in the terminal and bloats the scripts in which it’s used. It would be neat to have a dedicated boolean flag, for instance
--current-user
, which would fetch the current user’s UID and GID (using Go’s standard library) and use them for running the container’s process.This would shorten the above example to:
$ docker run --current-user -v $(pwd):/mount my_container /bin/bash
The text was updated successfully, but these errors were encountered: