UIDs/GIDs could be mis-matched from container and host

[MrDonkey07]

Due to auto-creation of UIDs and GIDs in the container, permissions could be incorrectly mapped when files are persisted on the host.

Consider this example:

Host has the following users and groups

UID	Name
1000	root
1001	admin1
1002	admin2
1003	user1
1004	user2

GID	Name
1000	root
1001	admin_grp
1002	user_grp

If this container is launched with a config specifying 2 users like this:

"Users": [
        {
            "Username": "user1",
            "Password": "pass1"
        },
        {
            "Username": "user2",
            "Password": "pass2"
        }
    ]

Then the container will contain the following groups:

GID	Name
1000	sftp-user-inventory
1001	user1
1002	user2

Files created by user1 in the container will be owned by admin1:admin_grp on the host.
Files created by user2 in the container will be owned by admin2:user_grp on the host.

[winromulus]

Hi,

I'm not sure if this is really an issue that can be solved: If you use the sftp container with a volume mount and want the host to reflect those permissions, manual mapping is required of UID/GID is required. I don't think there's anything we can do to support this scenario automatically.
The intent of this project is to ensure security from within the container, not from outside access to the stored data (which is outside any control options that I can think of).
I'm going to close this issue as won't fix because there's no solution to it. If you can think of a way of making this work in a generic way (without compromising the security of the container), please reopen and we can evaluate together.

[Merith-TK]

Hey, third perspective here but what you can do, is at runtime read the config for userid value, and when "creating" the users, set their ID to that value