Docker as non-root: How to write into mounted filesystem?


I am running docker as non-root, after installing docker as advised here:
https://docs.docker.com/engine/security/rootless/
https://linuxhandbook.com/rootless-docker/

The docker version is

docker -v
Docker version 23.0.4, build f480fb1

and the host system is Ubuntu 22.04

Now I wish to build an image, mount a volume from the host and write into it.

I built an example inspired by https://dev.to/izackv/running-a-docker-container-with-a-custom-non-root-user-syncing-host-and-container-permissions-26mb
and
In docker, writing file to mounted file-system as non-root?
The Dockerfile, named trial_Dockerfile, is as follows:

FROM ubuntu:16.04
# (note: 16.04 is end-of-life and no longer receives security updates)

# Input arguments (all three must be passed with --build-arg; USER has no default)
ARG UID
ARG GID
ARG USER

# environment variables
ARG DEBIAN_FRONTEND="noninteractive"
# "Europe/Belgium" is not a tzdata zone name; the Belgian zone is Europe/Brussels
ENV TZ=Europe/Brussels

# Install some basic utilities and clean up
RUN apt-get update && apt-get install -y \
    nano \
    ca-certificates \
    sudo \
    libx11-6 \
    openssh-server \
 && rm -rf /var/lib/apt/lists/*

# Create a sudo user (sudo is already installed above; the sudoers entry must
# name $USER rather than a hard-coded "nonroot", or the user created here gets nothing)
RUN addgroup --gid $GID $USER && \
    adduser --uid $UID --gid $GID --disabled-password --gecos "" $USER && \
    echo "$USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Ownership set here only exists in the image: a bind mount on this path at run time
# shows the host directory with the host's ownership instead
RUN mkdir /home/$USER/app && \
    chmod -R 755 /home/$USER/app && \
    chown -R $USER:$GID /home/$USER/app

# Set the non-root user as the default user
USER $USER
WORKDIR /home/$USER/app

I built the image with

docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg USER=$(id -un) -f trial_Dockerfile -t vplants/trial:1.0 .

and ran it with either

mkdir -p ~/Data && docker run -it --rm -v ~/Data:/home/jdurand/app:rw vplants/trial:1.0

or

mkdir -p ~/Data && docker run -it --rm -v ~/Data:/home/jdurand/app -u $(id -u) vplants/trial:1.0

but in both cases, I obtained

jdurand@fca8fa4b16b9:~/app$ ls -la
total 8
drwxrwxr-x 2 root    root    4096 Nov 20 16:18 .
drwxr-xr-x 1 jdurand jdurand 4096 Nov 20 16:16 ..
jdurand@fca8fa4b16b9:~/app$ touch test
touch: cannot touch 'test': Permission denied

so the whole procedure did not have the expected result: user jdurand has no permission on /home/jdurand/app within the container.
Does anyone know how I could write into ~/Data within the container, please? (I mean without reinstalling docker and running it as the root user.)


There are 0 answers
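Why the bind mount is listed as root-owned and rejects the container's uid-1000 user, shown as an added worked example. This is not code from the question or from Docker: it models the default rootless uid mapping that the rootless docs describe (container uid 0 is the host user's own uid, container uid N from 1 upward is the N-th subordinate uid from the user's /etc/subuid entry) and uses a constructed /etc/subuid line instead of reading a real host. The function and variable names are the example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the question): model of the default rootless Docker uid
# mapping, to show why a host directory looks root-owned inside the container and
# why a non-root container user cannot write to it.
#
# Assumed layout (the rootlesskit default): container uid 0 -> the host user's own uid,
# container uid N (1 <= N <= count) -> subuid_start + N - 1, where subuid_start and
# count come from the user's /etc/subuid entry. Anything else is unmapped.

# Constructed sample /etc/subuid entry for the rootless user (host uid 1000); on a
# real host read it with: grep "^$(id -un):" /etc/subuid
SAMPLE_SUBUID='jdurand:100000:65536'
HOST_UID=1000

# rootless_host_uid CONTAINER_UID HOST_USER_UID SUBUID_LINE
# Prints the host uid that CONTAINER_UID becomes, or -1 if it is not mapped.
rootless_host_uid() {
  cuid=$1; huid=$2; line=$3
  start=$(printf '%s' "$line" | cut -d: -f2)
  count=$(printf '%s' "$line" | cut -d: -f3)
  if [ "$cuid" -eq 0 ]; then
    echo "$huid"
  elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$count" ]; then
    echo $((start + cuid - 1))
  else
    printf '%s\n' -1
  fi
}

# can_write CONTAINER_UID DIR_OWNER_UID DIR_MODE HOST_USER_UID SUBUID_LINE
# Prints yes/no: may a process running as CONTAINER_UID create files in a bind-mounted
# directory that the host shows as owned by DIR_OWNER_UID with octal DIR_MODE (3 digits)?
# Only the owner and "other" bits are checked; the group is mapped the same way
# (via /etc/subgid) and is left out here for brevity.
can_write() {
  cuid=$1; owner=$2; mode=$3; huid=$4; line=$5
  mapped=$(rootless_host_uid "$cuid" "$huid" "$line")
  owner_bits=$(printf '%s' "$mode" | cut -c1)
  other_bits=$(printf '%s' "$mode" | cut -c3)
  if [ "$mapped" -eq "$owner" ] && [ $((owner_bits & 2)) -ne 0 ]; then
    echo yes
  elif [ $((other_bits & 2)) -ne 0 ]; then
    echo yes
  else
    echo no
  fi
}

# The scenario from the question: ~/Data is owned by host uid 1000 with mode 775
# (drwxrwxr-x) and the container runs as the image's uid-1000 user.
echo "container uid 1000 is host uid $(rootless_host_uid 1000 $HOST_UID "$SAMPLE_SUBUID")"
echo "container uid 0 is host uid    $(rootless_host_uid 0 $HOST_UID "$SAMPLE_SUBUID")"
echo "write as container uid 1000:   $(can_write 1000 1000 775 $HOST_UID "$SAMPLE_SUBUID")"
echo "write as container uid 0:      $(can_write 0 1000 775 $HOST_UID "$SAMPLE_SUBUID")"
echo "write as uid 1000, mode 777:   $(can_write 1000 1000 777 $HOST_UID "$SAMPLE_SUBUID")"
```

The model reproduces the `ls -la` output in the question: the host user's own uid is uid 0 inside the container, so ~/Data is listed as owned by root, while the container's uid 1000 is really host uid 100999, which has no rights on a directory owned by host uid 1000. The real mapping of a running container can be checked with `cat /proc/self/uid_map` inside it. It follows that `-u $(id -u)` is the wrong direction under rootless Docker: it selects a subordinate uid. Running the container as uid 0 (the image's root, which is the unprivileged host user and not the host's root) writes to the mount as the host user, and making the directory world-writable is the only way a non-zero container uid gets in without a custom mapping.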