Mounting volumes and mapping host user to docker user #22258

Open
smyth64 opened this Issue Apr 22, 2016 · 10 comments

smyth64 commented Apr 22, 2016

I want to start a docker container (postgres) and mount the folder /var/lib/postgres/data to my local system.

docker run -e POSTGRES_PASSWORD=123456 -v `pwd`/postgres:/var/lib/postgresql/data postgres

On my Host: ./postgres has the right owner. Nice!
But inside Container: /var/lib/postgresql/data has the owner root:root. The postgres user cannot access the /var/lib/postgresql/data folder...

Now my question.

How can I tell docker to map my local user smith:staff to the postgres:postgres user inside the container?

Btw: I also tried it with

docker run -u postgres:postgres -e POSTGRES_PASSWORD=123456 -v `pwd`/postgres:/var/lib/postgresql/data postgres

Using this command, my postgres won't start at all.
#21702

Client:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 19:36:04 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   a5315b8
 Built:        Mon Apr 18 19:19:21 2016
 OS/Arch:      linux/amd64

Output of docker info:

Containers: 3
 Running: 3
 Paused: 0
 Stopped: 0
Images: 10
Server Version: 1.11.0
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 154
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge
Kernel Version: 4.4.6
Operating System: Alpine Linux v3.3
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.956 GiB
Name: docker
ID: IY64:5E2P:FPZB:G3DH:32BS:5IXL:EHF6:5XC6:HL7D:HKU6:7OBK:U3J4
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 29
 Goroutines: 70
 System Time: 2016-04-22T17:15:36.809782696Z
 EventsListeners: 2
Registry: https://index.docker.io/v1/

Additional environment details (AWS, VirtualBox, physical, etc.):
Docker Beta for OSX


Contributor

cpuguy83 commented Apr 22, 2016

The issue is the entrypoint script is expecting root access when it first starts up: https://github.com/docker-library/postgres/blob/master/9.5/docker-entrypoint.sh
So when you start with -u postgres:postgres it can't start up.

In the short term it would be best to use an image that's ready to go with the correct uid/gid.

donnykurnia commented May 10, 2016

I also want to know how to make volume mapping possible in docker-beta. When using docker-machine, I use an NFS mount in the docker-machine's boot2docker. How can I mount NFS inside Alpine?

blafasel42 commented Sep 14, 2016

Hi, I was facing the same problem lately. Any news here? Would like to mount a host volume and make sure all files there belong to my developer user, not some unidentified user 1000.

Contributor

cpuguy83 commented Sep 14, 2016

@blafasel42 (generally) users on the host match users in the container. If you want the host dir to have a particular UID/GID you need to set it.

Contributor

cpuguy83 commented Sep 14, 2016

docker4mac is a slightly different case since it does map UID/GID into the UID/GID that the container process was started with.

smyth64 commented Sep 14, 2016

I wrote a script which lets you map your userid/groupid to any user inside docker.

This is a fully working example.
https://github.com/schmidigital/permission-fix

Please try and let me know, if you have any questions :)

mga0 commented Mar 3, 2017

@smith64fx it should not be possible to map the host's userID to the root one's from the docker image, right (1000=>0)?

I get into trouble with the script at this point:

Changing the ID of root user to 1000
usermod: user root is currently used by process 1

petecog commented Apr 12, 2017

Spotted this, but haven't tried it yet. Looks like it might work: https://denibertovic.com/posts/handling-permissions-with-docker-volumes/

Vanuan commented Apr 30, 2017

I have a similar issue:

When I mount a host directory and create some files/directories in it under docker, they are created with a root owner.
It means that I must use sudo if I want to delete them. This causes problems, especially in CI when the CI user can't clean the workspace.

To resolve the issue I've created all the folders and files that are created in the mounted directory, so that they have the host user owner. In addition I have to provide user: $(id -u):$(id -g) but unfortunately docker compose file doesn't support command interpolation, so it requires an additional shell script. And finally, $HOME should be adjusted to point to the mounted directory.

Alternatively, /root should be owned by that user, but that would require providing build arguments to the Dockerfile.

Also, we can use adduser/addgroup under root and then su to the newly created user. But that would require a script that will check whether the user is already created.

As you can see, mounting volumes is not without issues, as Linux filesystems tend to store the owner on the disk and there's no way to abstract that away using containers.

cuongtransc commented Jul 26, 2017

This problem can be solved by using docker-entrypoint.sh

  1. Use a variable like MAP_USERID.
  2. When running the Docker container, the first command to be run is docker-entrypoint.sh, which will run usermod and chown the directory.

# Set default WWW_DATA_USERID if not exist
# password is limited by 8 characters
: "${WWW_DATA_USERID:=33}"

# Give www-data the requested numeric user and group ID
usermod -u "$WWW_DATA_USERID" www-data
groupmod -g "$WWW_DATA_USERID" www-data

# Hand the web root to the remapped account
chown -R www-data:www-data /var/www/html

# Replace the shell with the container's command
exec "$@"

https://github.com/cuongtransc/docker-training/blob/master/images/wordpress/docker-entrypoint.sh#L220-L229

Reference: https://eggclub.org/thay-doi-owner-cua-mount-volume-khi-dev-voi-docker/
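The entrypoint approach from the last comment, combined with the "check before you change" script Vanuan mentions and a guard for the UID 0 case mga0 ran into, as an added example that is not code from this thread or from any of the linked projects. MAP_UID, MAP_GID, APP_USER and DATA_DIR are assumed variable names, the service account is assumed to have a primary group of the same name, and `setpriv` (util-linux) is assumed to be present in the image.

```shell
#!/bin/sh
# Added example, not code from the thread. MAP_UID, MAP_GID, APP_USER and
# DATA_DIR are assumed names; run as the image's entrypoint, as root.

# Accept only a plain positive decimal ID. 0 (root), empty, signed,
# zero-padded and non-numeric values never reach usermod or chown.
valid_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ]
}

remap_and_drop() {
    user=${APP_USER:-postgres}
    dir=${DATA_DIR:-/var/lib/postgresql/data}
    # Default to the numeric owner of the mounted directory as seen
    # from inside the container.
    uid=${MAP_UID:-$(stat -c %u "$dir")}
    gid=${MAP_GID:-$(stat -c %g "$dir")}
    if ! valid_id "$uid" || ! valid_id "$gid"; then
        echo "refusing to remap $user to uid=$uid gid=$gid" >&2
        return 1
    fi
    # Change the account only when its IDs differ, so restarts are
    # idempotent. Without -o, groupmod/usermod fail if the ID already
    # belongs to another account instead of aliasing two accounts.
    [ "$(id -g "$user")" = "$gid" ] || groupmod -g "$gid" "$user" || return 1
    [ "$(id -u "$user")" = "$uid" ] || usermod -u "$uid" "$user" || return 1
    # Fix only mis-owned entries. chown -h changes a symlink itself and
    # never its target, so a link planted in the host directory cannot
    # redirect the ownership change to a file elsewhere in the container.
    find "$dir" \( ! -user "$user" -o ! -group "$user" \) \
        -exec chown -h "$user:$user" {} +
    # Replace this shell with the real command, running unprivileged.
    exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
}

# With no command there is nothing to exec.
[ "$#" -eq 0 ] || remap_and_drop "$@"
```

If the mount shows up as root:root inside the container, as in the original report, the default lookup yields 0 and the script refuses; pass MAP_UID and MAP_GID explicitly in that case.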
