I am trying to contain the dependencies of a complex application within a docker container, but let it operate on my own files, without having conflicting UIDs at the end. In essence, I want to run something like:
docker run \
--rm \
--volume $HOME/playbook:/playbook --workdir /playbook \
--user $(id --user) \
container_image
However, this fails because the application expects the provided UID to correspond to a username:
getpwuid(): uid not found: 1000
I ended up putting this in the Dockerfile:
RUN \
for uid in seq 1000 1010; do \
adduser --home /tmp/user_$uid --uid $uid user_$uid; \
done
Is there a better solution?
答案 0 :(得分:1)
对于更便携的东西,可以将/ etc / passwd和/ etc / group文件作为只读文件挂载到容器中:
docker run \
--rm \
--volume $HOME/playbook:/playbook --workdir /playbook \
--user $(id --user) \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
container_image
如果容器希望定义自己的用户名,则有两个缺点:图像的文件权限可能包含错误或缺少的用户/组定义。