DEV Community

loading...

Specifying user and group in Docker

acro5piano profile image Kay Gosho ・2 min read

If we use Docker as our development environment, we would use docker command to generate files.

e.g.

docker run --rm ruby:2.4 bundle exec rails g ...
docker-compose run --rm web composer install
Enter fullscreen mode Exit fullscreen mode

The problem is that the owner and group of files that these commands generate are always root.

Note: this problem may happen only with Linux's Docker. Mac doesn't. Windows unknown.

Solution 1: Dockerfile

We can set owner and group in Dockerfile.
The official document says we can do it by USER postgres, but we can also set group with :.

# Dockerfile

USER 1000:1000
Enter fullscreen mode Exit fullscreen mode

However, this way specifies owner and group id.
I found more flexisible solutions.

Solution 2: command argument

docker run -u 1000:1000 debian bash

In this way, we can set user and group with shell variables like $UID.
Or getent group staff | cut -d: -f3.

Solution 3: specify in docker-compose.yml

I was looking for this.

The principle is the same as solution 2, so the following config works well:

# docker-compose.yml

web:
  image: ruby:2.4
  user: "${UID}:${GID}"
Enter fullscreen mode Exit fullscreen mode

Then run

UID=${UID} GID=${GID} docker-compose up

Or, export these variables as environment variables, ignoreing bash: UID: readonly variable

export UID=${UID}
export GID=${GID}
docker-compose up
Enter fullscreen mode Exit fullscreen mode

Environment

  • Arch Linux
  • Docker 1.12.3 linux/amd64

Off topic

My favorite desktop Linux is Arch Linux.

pacman, the package management system for Arch, always provides the latest version of any package.

With Docker container, any host machine is OK.

Refs

Discussion (15)

pic
Editor guide
Collapse
kpod13 profile image
Timur Vasyunin

Or you can also set up user/group remapping by configs of your OS (/etc/subuid, /etc/subgid). See docs.docker.com/engine/security/us... to get more information.

It can be more convenient is some cases.

Collapse
acro5piano profile image
Kay Gosho Author

Thanks for the information!

Collapse
devnix profile image
Dev_NIX • Edited

You can also provide a default value, and override it with the environment variable or with a docker-compose.override.yml:

web:
  build: 
    context: docker/web
    args:
      uuid: ${CURRENT_UID:-1000}

And then in your Dockerfile:

RUN usermod -u $uuid www-data
Collapse
acro5piano profile image
Kay Gosho Author

Thank you for the information!

Collapse
varunbatrait profile image
Varun Batra

Any way without export UID?

Collapse
acro5piano profile image
Kay Gosho Author

env UID=${UID} GID=${GID} docker-compose up would work without export UID, I suppose!

Collapse
varunbatrait profile image
Varun Batra

Hi, if I do this, on restart (if I have docker always restart) permission is lost on system boot. Hence, this isn't a good way to do it.

Thread Thread
acro5piano profile image
Kay Gosho Author

Hi Varun,

Oh really? I don't have such experiences, as file permission usually doesn't change on system boot.

Thread Thread
varunbatrait profile image
Varun Batra • Edited

Hi

Let us say that you have a docker container which will keep creating files with some logic - in my case it is compressing the images.

I have written a blog for the docker I have added to a tool:

Lossless Image Compressions using Docker

Now what it does is - it reads image - move image to temp folder, compress it, copy back to its original location.

All goes well as I have started it with $UID as mentioned in your post.

However, let us say now the machine is restarted - somehow $UID becomes a root.

If you have observed the same problem? After restart - some images I uploaded are now compressed with the root user and not www-data as originally intended.

Thread Thread
acro5piano profile image
Kay Gosho Author

Sorry for my slow response.

I didn't investigate the problem deeply, and moving files to /tmp or such directory, and restart the machine.

Actually I recently don't use Docker on Linux with daily development. In production we don't store data to disk so don't care about the permissions.

Collapse
grekpg profile image
grekpg

when i add

php:
build: ./docker/php-fpm
user: "${UID}:${GID}"

i get

WARNING: The UID variable is not set. Defaulting to a blank string.
WARNING: The GID variable is not set. Defaulting to a blank string.

Collapse
acro5piano profile image
Kay Gosho Author

I have seen that warnings. Did you set Docker user though?

Collapse
varunbatrait profile image
Varun Batra

Hi, You didn't set UID and GID first. Set those variable by either creating a bash - or set it zshrc file (or alike)

Collapse
jnguyen1192 profile image
jnguyen1192

It works !

Collapse
pancutan profile image
Sergio Alonso

Thanks buddy, you make my day.