Docker userns-remap cannot write to mounted directory
To answer your question, the best way is to use the 'user namespace' feature of the Docker engine.
Here's an example of how to use it.
Let's say your host user is myuser with id 3000.
Add myuser:3000:65536 to your /etc/subuid and /etc/subgid files.
Update your /etc/docker/daemon.json with this:
{
  "userns-remap": "myuser"
}
Don't forget to restart your Docker engine :)
And that's it, all files belonging to your myuser local account will belong to id 0 in your container, and the opposite will be true as well.
This should help you fix your issue.
Let me know
Docker Why are permissions wrong after bind mount?
Created a ~/tmp_docker/ in the host user's home directory and bind mounted that with -v, got the correct permissions in the container and will use this and can use this as ~/tmp/ in my container!
Saying this, I'm not sure why my host's /tmp/docker/ would not bind with the correct permissions.
Docker file permissions mismatch between host dir and container using bind-mount
Since you're bind-mounting the python container in docker-compose, the Dockerfile files and existing permissions are irrelevant. At runtime, it mounts pwd to /PROTON, so anything in the image at /PROTON is hidden and the container only sees the pwd on host.
The user in the container is a simple UID and GID number match to the host. For instance, use the id command on host to get your UID and GID. For me, they are 1000 and 1000. You just need to ensure the user and group running in the container are that same UID/GID.
RUN groupadd --gid 1000 proton \
&& useradd --uid 1000 --gid proton --create-home proton
Now that your host user and container user UID/GID are the same, you'll notice that files created in pwd match the usernames of each user. Linux on host will look up the UID 1000 and see it's your host user (for me it's bret) and if you do a docker-compose exec proton ls -al /PROTON you should notice it'll look up user 1000 in the container and see proton. The usernames are just friendly names for the IDs, so just ensure they match between host user and container user and you'll be good.
Unrelated tips:
- You can change the user that compose starts your container with, using user: username, but if it's the one you put in Dockerfile with USER then no need in this case.
- Your Dockerfile COPY command can use chown inline, to save you a step and space in image: COPY --chown=1000:1000 . /PROTON, or COPY --chown=proton:proton . /PROTON
How to solve permission denied when mounting volume during docker run command?
The issue was that I am running with user namespaces and did not have the correct mapping.
In my distribution the file /etc/subuid contains this:
david:100000:65536
But I had to make it look like this:
david:1000:1
david:100000:65536
So that my own uid would be mapped to root inside the container.
A nice guide seems to be this one https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/
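An added example (not part of any answer above, and not Docker's own code) that models how the /etc/subuid entries quoted in the answers become a container-to-host UID map, and why a bind-mounted directory owned by host UID 1000 appears unowned inside the container until the david:1000:1 line is present. It assumes the ranges are laid end to end from container ID 0 in file order and that unmapped owners appear as the kernel's default overflow ID 65534; the function names are hypothetical.

```python
# Added example: models how userns-remap turns /etc/subuid ranges into a UID map.
OVERFLOW_ID = 65534  # kernel default overflowuid, shown for unmapped owners

def parse_subid(text, user):
    """Return [(host_start, length), ...] for `user` from subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def build_map(ranges):
    """Assumption: ranges are laid end to end from container ID 0, in file order."""
    mapping, next_cid = [], 0
    for host_start, length in ranges:
        mapping.append((next_cid, host_start, length))
        next_cid += length
    return mapping

def host_to_container(mapping, host_id):
    """Owner ID a process inside the container sees for a host-owned file."""
    for cid, hid, length in mapping:
        if hid <= host_id < hid + length:
            return cid + (host_id - hid)
    return OVERFLOW_ID  # unmapped: appears as nobody/nogroup

def container_to_host(mapping, container_id):
    """Host ID that ends up on disk for a file created by a container ID."""
    for cid, hid, length in mapping:
        if cid <= container_id < cid + length:
            return hid + (container_id - cid)
    return None  # that ID does not exist in the namespace

# The two /etc/subuid states from the last answer, with host user david at UID 1000.
BEFORE = "david:100000:65536\n"
AFTER = "david:1000:1\ndavid:100000:65536\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        m = build_map(parse_subid(text, "david"))
        print(label, "host 1000 seen in container as", host_to_container(m, 1000),
              "| container root writes files as host", container_to_host(m, 0))
```

The same check applies to /etc/subgid, since a bind mount is only fully usable when both the owning UID and GID fall inside the mapped ranges.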