I have a Docker container that has access to a certain directory on the host using bind-mount (--volume /host/directory:/shared). On the host, this directory and its contents are owned by UID 1001. On the container, they are accessed by UID 501, and this is hard to change.

I want to map the UID for the bind mount. When using plain mount, it is possible to give it --map-users 501:1001:1 option or more low-level -o X-mount.idmap=u:501:1001:1. But how do I achieve this with Docker?

There is a bindfs plugin for exactly this task, but it leverages a FUSE filesystem, which means a noticeable performance penalty. Also, this plugin was seemingly implemented before idmap mount support was added to the Linux kernel.

I tried just appending the idmap option to my mount definition with --volume /host/directory:/shared:X-mount.idmap=u:501:1001:1, but then Docker complains about extra : characters in the volume definition.

Here is the minimal example (I tried adding options after /shared):

docker run --rm -it -v /home:/shared alpine ls -l /shared
  • 3
    Is there any reason you can't chmod the host directory (and all subdirs & files) to be g=rwX (and maybe also g+s for the dirs only)? Then you could make a group with the same gid in the docker container, and add uid 501 to that group? Commented Sep 28 at 13:31
  • 1
    You may also need or prefer to make a group on the Docker host to be the group owner for those shared files and dirs. Or maybe not. Commented Sep 28 at 13:32
  • Thank you @cas, this looks like an interesting workaround. Although leveraging g+w will also require changing umask of the processes using those files, and probably some other non-obvious consequences. Commented Sep 29 at 21:26
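
The group-based workaround from the comments, together with the umask consequence raised in the reply, as an added example that is not part of the original thread. The function names (`share_via_group`, `mode_of`, `new_file_mode`) are hypothetical, the directory tree is constructed in a temporary location, and GNU `stat` on Linux is assumed; creating the matching group inside the container is not shown.

```shell
#!/bin/sh
# share_via_group DIR [GROUP]: open DIR to its group, as the comments suggest.
share_via_group() {
    dir=$1
    group=${2:-}
    # Optional: hand the tree to a dedicated group (needs ownership or root).
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    # g=rwX: group read/write; execute only on directories and on files
    # that are already executable for someone.
    chmod -R g=rwX "$dir" || return 1
    # g+s on directories only: new entries inherit the directory's group.
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# mode_of PATH: print the octal permission bits (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# new_file_mode DIR UMASK: create a file in DIR under UMASK, print its mode.
new_file_mode() {
    ( umask "$2" && f="$1/new.$2" && : > "$f" && mode_of "$f" )
}

# Constructed demo tree; nothing outside the temporary directory is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/shared/sub"
    : > "$d/shared/sub/file"
    chmod -R go-rwx "$d/shared"          # start from owner-only access
    share_via_group "$d/shared"
    echo "directory:            $(mode_of "$d/shared/sub")"
    echo "existing file:        $(mode_of "$d/shared/sub/file")"
    # A writer with umask 022 still produces files the group cannot modify.
    echo "new file, umask 022:  $(new_file_mode "$d/shared/sub" 022)"
    echo "new file, umask 002:  $(new_file_mode "$d/shared/sub" 002)"
    rm -rf "$d"
}

demo
```

Every process that writes into the shared tree, on the host and in the container, needs a umask of 002 (or stricter on "other", such as 007) for the group write bit to survive on new files.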
