Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Docker without root owning all files created outside
version: '3.2'
services:
build:
context: .
dockerfile: Dockerfile
restart: "no"
environment:
LOCAL_USER_ID: $USER_ID
LOCAL_USER: $USER
volumes:
- "$HOME:/home/$USER:z"
- ".:/build:z"
FROM anapsix/alpine-java:8_jdk
RUN apk add su-exec
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
WORKDIR /build
CMD ["sh"]
#!/bin/bash
export USER_ID=${LOCAL_USER_ID}
export USER=$LOCAL_USER
echo "Starting with UID : $USER_ID : $USER"
/usr/sbin/adduser -s /bin/zsh -u $USER_ID -h /home/$USER -D $USER
export HOME=/home/$USER
/sbin/su-exec "$USER" "$@"
# ensure that both $USER and $USER_ID are set
alias docker-compose="USER_ID=`id -u $USER` docker-compose "
docker-compose up
@MateuszKubuszok

This comment has been minimized.

Copy link
Owner Author

commented Sep 26, 2018

When running Docker in Linux sometimes I need to write files outside Docker - e.g. I use it to build and run app agains prod env with Docker, while I edit files locally and build output is used by IDE.

But I quite often end up with situation when files generated by Docker are not accessible by IDE (not build run outside the Docker) because they are owned by user from inside a Docker container. This code is a workaround which aligns internal user's name and ID with the host' ones, so that files created on the outside are seen as owned by current user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.