When implementing development environments inside a container, usually I want to:
- Run as non-root inside the container (many tools do not like being run as root).
- Behave as the non-root host user who launched the container when reading from and writing to mounted volumes, so that files created inside the container are not left owned by root (or some unrelated UID) on the host.
There are some additional (small) security benefits from running as non-root inside a container.
The solution to these problems is complicated by the fact that container runtimes handle user mapping differently:
With rootless Podman there is `--userns=keep-id`, which maps your host UID:GID to the same IDs inside the container's user namespace and runs the container process as that user, so files written to a bind mount come out owned by you on the host. Docker has no equivalent flag; the usual substitute is to pass the IDs explicitly with `--user "$(id -u):$(id -g)"`. Most Linux distributions give the first regular user UID 1000, so an image whose non-root user was created with UID 1000 will often line up with the host user purely by coincidence. That works on a single-user laptop and breaks as soon as the host UID is anything else (a second user on the machine, a CI runner, a shared server).
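To make the runtime difference concrete, here is a small POSIX shell helper, added as an example and not code from the original post. It builds the runtime-specific run command (`--userns=keep-id` for Podman, `--user UID:GID` for Docker) and then checks, after a container has written through a bind mount, that the file is owned by the invoking host user. The image name `devenv:latest` and the `/work` mount path are hypothetical; the optional probe pulls `alpine:3` and only runs when `DEVENV_PROBE=1` is set and a runtime is installed.

```shell
#!/bin/sh
# Added example, not from the original post: build the run command that makes the
# container process use the invoking host user's UID:GID, and check afterwards that a
# file written through the bind mount is owned by that user on the host.
# Assumed names (hypothetical): image "devenv:latest", project mounted at /work.
set -eu

# Runtime-specific flags that map the host user into the container.
#   podman: --userns=keep-id maps the host UID:GID to the same IDs inside the rootless
#           user namespace and runs the container process as that UID.
#   docker: no keep-id equivalent; pass the numeric IDs with --user instead.
user_flags() {
    _runtime=$1; _uid=$2; _gid=$3
    case "$_runtime" in
        podman) printf '%s' "--userns=keep-id" ;;
        docker) printf '%s' "--user ${_uid}:${_gid}" ;;
        *) printf 'unsupported runtime: %s\n' "$_runtime" >&2; return 1 ;;
    esac
}

# Full command line for launching the dev environment on a project directory.
# Arguments: runtime uid gid project_dir image
build_run_cmd() {
    _flags=$(user_flags "$1" "$2" "$3") || return 1
    printf '%s run --rm -it %s -v %s:/work:Z -w /work %s' "$1" "$_flags" "$4" "$5"
}

# Owner of a path as "uid:gid" (GNU stat first, BSD stat as fallback).
file_owner() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# True when the file written by the container is owned by the given host user.
check_owner() {
    [ "$(file_owner "$1")" = "$2:$3" ]
}

# Probe: touch a file through a bind mount and verify its owner on the host.
# Guarded by DEVENV_PROBE=1 so that sourcing this file for its functions
# never starts a container.
probe() {
    if command -v podman >/dev/null 2>&1; then _rt=podman
    elif command -v docker >/dev/null 2>&1; then _rt=docker
    else printf 'no container runtime found\n' >&2; return 0; fi
    _uid=$(id -u); _gid=$(id -g); _dir=$(mktemp -d)
    printf 'dev shell would be: %s\n' \
        "$(build_run_cmd "$_rt" "$_uid" "$_gid" "$_dir" devenv:latest)"
    # user_flags may expand to two words, so it is deliberately left unquoted.
    "$_rt" run --rm $(user_flags "$_rt" "$_uid" "$_gid") -v "$_dir:/work:Z" -w /work \
        alpine:3 sh -c 'touch probe'
    if check_owner "$_dir/probe" "$_uid" "$_gid"; then
        printf 'ok: probe owned by %s:%s on the host\n' "$_uid" "$_gid"
    else
        printf 'mismatch: probe owned by %s, expected %s:%s\n' \
            "$(file_owner "$_dir/probe")" "$_uid" "$_gid" >&2
    fi
    rm -rf "$_dir"
}

if [ "${DEVENV_PROBE:-0}" = 1 ]; then probe; fi
```

Run it as `DEVENV_PROBE=1 sh devenv.sh` to see the generated command and the ownership result for whichever runtime is installed. One caveat with the Docker path: `--user 1000:1000` works for file ownership, but unless the image actually has a user with that UID there is no `/etc/passwd` entry, and tools that look up a home directory or user name will complain; that is exactly the case the "UID 1000 coincidence" hides until the host user has a different UID.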