Docker: group of a shared volume changes depending on host user

Summary: The group of a shared volume changes within the docker container, depending on which user of the host machine is running the container.

In my host machine I have two users: userHost1 and userHost2

  • Configure docker images as executable
  • Setting a static IP to docker container using LXC driver
  • How to execute script during image build in Docker
  • REPLICAS remains 0 after running `docker stack deploy` command in manager machine
  • Integrating Docker with Xdebug and Sublime Text on PHP environment
  • Fail to create postgres extensions through bash script
  • Logged in as userHost1 I get the debian image and I built a docker image with the following Dockerfile:

    FROM debian
    
    RUN adduser --disabled-password --gecos '' user
    

    After that, when I run docker with userHost1 and load a shared volume, I can write on it. But if I load it with userHost2 I cannot write.

    Running docker as userHost1:

    userHost1@host:~$ docker run -t -i -u user -v /home/userHost1/try/:/try/ my_debian
    user@a4b9df2f89ed:/$ ls -ahl
    ...
    drwxrwxr-x   2 user user 4.0K Mar 19 03:41 try
    ...
    

    But if I log into the host as userHost2:

    userHost2@host:~$ docker run -t -i -u user -v /home/userHost2/try/:/try/ my_debian
    user@eb169acd52b4:/$ ls -ahl
    ...
    drwxrwxr-x   2 1002 1002 4.0K Mar 19 03:45 try
    ...
    
    user@eb169acd52b4:/$ touch try/hello
    touch: cannot touch `hello': Permission denied
    

    Why is this happening? I thought that the user in the host was irrelevant for a docker container. Is it because I pulled the Debian image as userHost1?

    Of course both userHost1 is the owner of /home/userHost1/try/ and userHost2 is the owner of /home/userHost2/try/.

  • How to obtain Docker image ID from API after building?
  • How to set hostname in global service in Docker Swarm
  • What happens to the data when a docker container crashes
  • Docker Ruby 2.2.3 simply Rails App
  • Why can I see the docker container process when I do a “ps aux” on the host?
  • Odoo development on Docker
  • One Solution collect form web for “Docker: group of a shared volume changes depending on host user”

    It’s just a simple permissions issue. Remember that the uids are the same in the container and on the host, but user names may be different (so uid 1002 may have different names on the host and in the container).

    The owner of /home/userHost1/try/ has the same uid as the user user in the container. The owner of /home/userHost2/try/ is uid 1002, which is not the same as user in the container, so user cannot write to the directory.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.