I have a docker image which contains an eclipse. I run the eclipse in the image under an account named eclipse. I want to start the image with my workspace directory form the host machine bind-mounted into the container. Unfortunately the owner of the mounted volume inside the container is not eclipse. The mounted volume just preserves the UID and GID from the host.
Is there a way to control under which UID and GID is the volume mounted in the container?
I believe at this point there is no way to set the UID and GID as a mount option in docker. But there are at least two ways of getting around this:
Match UID and GID of the owner/user in the host and container. In your case, if the owner ID and GID on the host is say 1000, make sure the uid/gid of the owning user in the container has the same UID and GID, in this case 1000.
Use the file access control list command getfacl - get the uid/gid of the workspace directory owner on the container, and use setfacl command to grant this id read/write permission at the host. You have to run setfacl on the host. This way the acl rights will propagate to the container. I would not recommend making any ownership changes at the container level, as that will mess up the owership on the host and it won't be preserved the next time you launch a container from an image.
Remember, when it comes to file permissions only the numeric id matters.
Helpful links - permission inside containers
ACL might look like. –
Antony Is it acceptable to make the workspace world-writable? I believe there is no way to change the uid/gid of the mounted directory so the only alternative is matching uid/gid between host and container (nasty :( )
See https://github.com/docker/docker/issues/7198 for info on uid/gid
© 2022 - 2024 — McMap. All rights reserved.