In docker, writing file to mounted file-system as non-root?

Question

I have a docker container with a -v /home/dan:/home/dan:rw. When the container writes files to /home/dan, the files are owned by root in the host filesystem. Is there a way to make it so that files written from the container to the mounted volume are owned by some arbitrary user on the host filesystem?

Answer 1

As François Zaninotto has pointed out, the user id can be used.

This can be done by using the -u switch for the docker run command.

For example:

docker run -v /home/dan:/home/dan -u `id -u $USER` IMAGE

Answer 2

EDIT: this has changed since my original answer which said it couldn't be done. As per answer of Mandark:

This can be done by using the -u switch for the docker run command.

For example:

docker run -v /home/dan:/home/dan -u `id -u $USER` IMAGE

Answer 3

A follow up to mandark answer - I would say it's also good to include the user group otherwise you will end up with stuff belonging to user: USER and group: root. To achive user:user just pass in group id as well, for example:

docker run -v /home/dan:/home/dan -u `id -u $USER`:`id -g $USER` IMAGE

# if it's for the current user, then you can omit the $USER env var

docker run -v /home/dan:/home/dan -u `id -u`:`id -g` IMAGE

Answer 4

It's possible. It's hard to automate, but it's possible. Here is the process:

1. in the host, determine the current user id and group id

2. in the docker container, run a shell script to:

   • add a new group with the group id from the host
   • add a new user with the same user id from the host (and belonging to the group just created)
   • sudo as this new user

Now, each file generated inside the container will be using the right user id and group id, and the host will attach them to your user.

I've written a tool to automate that using make, it's called make-docker-command. Hope this helps.