How-To fix access issues with docker bind mounts

About

When a bind mount is used with a Docker container, the mounted folder keeps the UID and GID it has on the host machine. It is recommended to run container images as a non-root user. In this case, the container does not have full access to the mounted folder (as it would with mode 777 or 666).

Content

Instruction

  • Create a folder /kgs on your host machine

  • The created folder is granted full access: chmod -R 777 /kgs

  • Start the Docker image with a shell

    • docker run -it --rm -v /kgs:/kgs myImage:MyVersion /bin/sh

  • The shell is started in the docker container

    • enter /kgs

    • touch abc

    • exit container

  • Check the UID and GID of the created file in the /kgs folder

  • Restricted rights are assigned to the /kgs folder again: chmod -R 660 /kgs

    • Only the owner and the group may access

  • On the host machine, check in /etc/passwd whether there is a group with the GID. If not, create one with

    • groupadd -g <GID> MYGROUPNAME

  • Assign the previously created group to the /kgs folder

    • chgrp -R MYGROUPNAME /kgs

  • Restart the docker container

    • docker run -it --rm -v /kgs:/kgs myImage:MyVersion /bin/sh

  • It should now be possible to write to the folder despite restricted rights

  • The docker container can be started normally and the service has access
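The host-side steps above can be turned into a reviewable plan. The following is an added example, not part of the original instructions: the function names and the GROUP_FILE and NEW_GROUP variables are assumptions. It reads the GID from the probe file, looks the group up in /etc/group (where Linux keeps group entries), and prints the commands instead of running them. It deviates from the steps above in one point: directories get mode 2770 rather than 660, because a directory without the execute (search) bit cannot be entered or written to.

```shell
#!/bin/sh
# Added example: plan the host-side fix for a bind mount such as /kgs.
# GROUP_FILE, NEW_GROUP and the function names are assumptions of this sketch.
GROUP_FILE="${GROUP_FILE:-/etc/group}"
NEW_GROUP="${NEW_GROUP:-MYGROUPNAME}"

# Numeric GID of a file, read from `ls -n` (works with GNU and BusyBox ls).
probe_gid() {
    ls -ldn -- "$1" | awk '{print $4}'
}

# Name of the group that owns a GID, or nothing if the host has no such group.
group_for_gid() {
    awk -F: -v gid="$1" '$3 == gid { print $1; exit }' "$GROUP_FILE"
}

# Print the commands to run as root; this function changes nothing itself.
# dir is assumed to contain no whitespace or shell metacharacters (e.g. /kgs).
plan_fix() {
    dir=$1 probe=$2
    gid=$(probe_gid "$probe") || return 1
    case $gid in
        ''|*[!0-9]*) echo "cannot read GID of $probe" >&2; return 1 ;;
        0) echo "probe file has GID 0: the container runs as root" >&2
           return 2 ;;
    esac
    group=$(group_for_gid "$gid")
    if [ -z "$group" ]; then
        group=$NEW_GROUP
        echo "groupadd -g $gid $group"
    fi
    echo "chgrp -R $group $dir"
    # Directories need the search (x) bit to be entered; setgid (2) makes
    # new files inherit the group. Regular files get 660.
    echo "find $dir -type d -exec chmod 2770 {} +"
    echo "find $dir -type f -exec chmod 660 {} +"
}

# Run as a script: ./plan.sh /kgs /kgs/abc
if [ "$#" -eq 2 ]; then
    plan_fix "$1" "$2"
fi
```

A return code of 2 means the file created in the container belongs to GID 0, so the image is not running as a non-root user and the group assignment should not be applied.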