
Wrong User OWNER on folder or file: docker run -v :/ — Not working for user defined in Dockerfile

Host OS: Red Hat Enterprise Linux Server release 7.9 (Maipo)

Guest OS i.e. a Docker container running: OpenSuse 15.2

Docker Version (on Host): Docker version 19.03.5, build 633a0ea

On host, when I git clone a repository “utilities_scripts” I have valid access for the user (due to umask). I tried umask 0002 or 0022 etc, still the following issue is not resolved.

  • I think the issue here is not permission related but WHY the USER defined in the Dockerfile is not getting set as the owner of folders/files (which are getting mounted) inside the docker container, when I issue the following docker run ... command.

NOTE:

  1. When I try the same docker image from a different Linux machine, the folder/files are mounted as the user “docker_non_root_user” which is defined in the Dockerfile as USER docker_non_root_user.
  2. docker build ... runs successfully and creates an image, and the container works on a different machine (when I mount the git clone repos inside the container using the -v <host>:<container> docker CLI option syntax).

Code snippet from Dockerfile is:

# Define any mount points references
VOLUME ["/home/docker_non_root_user/git"]

USER docker_non_root_user
WORKDIR /home/docker_non_root_user/git

This is what I see on the host where I have the Dockerfile USER ... ownership issue:

[gigauser@jenkins-projectABC bitbucket_workspace]$ whoami
gigauser
[gigauser@jenkins-projectABC bitbucket_workspace]$ id
uid=gigauser(gigauser) gid=21520(jenkins) groups=21520(jenkins),3000(ectx)

[gigauser@jenkins-projectABC bitbucket_workspace]$ umask
0077
[gigauser@jenkins-projectABC bitbucket_workspace]$ ls -l
total 12
drwx------  5 gigauser jenkins 4096 Feb  3 16:36 utilities_scripts
[gigauser@jenkins-projectABC bitbucket_workspace]$


[gigauser@jenkins-projectABC bitbucket_workspace]$ sudo docker image ls
Active Directory Password:
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
project-im-opensuse   15.2                0c9ee31464cd        43 hours ago        2.39GB
[gigauser@jenkins-projectABC bitbucket_workspace]$

[gigauser@jenkins-projectABC bitbucket_workspace]$
[gigauser@jenkins-projectABC bitbucket_workspace]$ sudo docker run -v $PWD/utilities_scripts:/home/docker_non_root_user/git/utilities_scripts/ -it project-im-opensuse:15.2 bash -c "whoami; id; which bash; bash --version; ls -l; echo; ls -l utilities_scripts; ls -l /home/docker_non_root_user/git/utilities_scripts; id gigauser; echo"

WARNING: IPv4 forwarding is disabled. Networking will not work.


docker_non_root_user
uid=1000(docker_non_root_user) gid=487(docker_non_root_user) groups=487(docker_non_root_user),100(users)

/bin/bash
GNU bash, version 4.4.23(1)-release (x86_64-suse-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
total 8
drwx------ 5 gigauser 21520 4096 Feb  4 00:36 utilities_scripts

ls: cannot open directory 'utilities_scripts': Permission denied
ls: cannot open directory '/home/docker_non_root_user/git/utilities_scripts': Permission denied
id: 'gigauser': no such user

[gigauser@jenkins-projectABC bitbucket_workspace]$

When I run the same command on the other Linux machine, I see the mounted utilities_scripts folder’s owner is docker_non_root_user.

Question: WHY am I seeing the USER-ID of the host’s user (where I’m running the docker run command) getting set inside the docker container on the folder utilities_scripts, when no such user ID exists inside the container? (See the 2nd last line in the output above.) It’s currently getting the same host owner and folder-level permissions inside the docker container.

gigauser, i.e. the host’s user, is not there in the docker container, but the ls -l output shows gigauser is the owner of the utilities_scripts folder/files in the container. This issue does not occur on the other host machine.

I even checked /etc/subuid file, looks ok to me. Changing the value inside to docker’s user didn’t help. Also I don’t see anything related to this in /etc/docker/daemon.json file.

$ cat /etc/subuid
gigauser:165536:65536

Running the same docker run ....options command above from the other Linux host machine, it shows the folder ownership inside docker container as:

drwx------ 5 docker_non_root_user 1000  272 Jan 26 21:52 utilities_scripts