How to fix your problems #1

Open
TomNussbaumer opened this issue Aug 26, 2015 · 0 comments

Never ever use usernames and group names in a Docker environment unless you can guarantee that the numbers (UID, GID) are the same within all environments.

What in the end really counts are the numbers (UID and GID). The numbers are the only thing the kernel cares about and which gets shared between all environments (hosts, container A, container B).

Example:

A shared file which is owned by UID 1000 on the host is also owned by UID 1000 within every container which has access to the file.

How to overcome problems:

Suppose you have a user www-data in two different containers. Since the only thing that matters in the end are the numbers, you must specify exactly the same UID and GID when generating the group and the user. Don't let the system assign these numbers automatically, because then the outcome is random (depends on what's the next free number) and you end up with the problems you actually have.

BTW: use `ls -n` to show the numbers. You will see the numbers will be exactly the same everywhere, just the name-to-number mappings are different.

Additionally:

If the user(s) and group(s) get automatically generated during a package installation, you can map the group(s) and user(s) to different numbers afterwards.

But be warned: you must take care of the files which already belong to that user and group manually, which means: find the files matching the old UID and GID and chown'ing them to the new UID and GID.

An example of how this remapping can be done is HERE.
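
An added example, not part of the original issue and not the remapping script it links to: a check that compares the name-to-number mappings of two passwd files and prints, without running them, the commands that would realign the second environment. The passwd excerpts, the `mysql` and `cache` accounts and the function names are constructed for illustration, and each user's primary group is assumed to carry the user's name.

```shell
#!/bin/sh
# Constructed passwd excerpts for two containers (sample data, not from the issue).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/a.passwd" <<'EOF'
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:999:999::/var/lib/mysql:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DIR/b.passwd" <<'EOF'
www-data:x:101:102:www-data:/var/www:/usr/sbin/nologin
mysql:x:105:106::/var/lib/mysql:/usr/sbin/nologin
cache:x:999:999::/var/cache/app:/usr/sbin/nologin
EOF

# id_mismatches REF OTHER: print "name ref_uid:ref_gid other_uid:other_gid" for
# every name present in both passwd files whose numbers differ.
id_mismatches() {
    awk -F: 'NR == FNR { ref[$1] = $3 ":" $4; next }
             ($1 in ref) && ref[$1] != $3 ":" $4 { print $1, ref[$1], $3 ":" $4 }' "$1" "$2"
}

# uid_owner FILE UID: print the account name that currently holds UID in FILE.
uid_owner() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# remap_plan REF OTHER: print (never execute) the commands that bring OTHER in
# line with REF. Assumption: the primary group is named like the user.
remap_plan() {
    id_mismatches "$1" "$2" | while read -r name want have; do
        new_uid=${want%%:*}; new_gid=${want##*:}
        old_uid=${have%%:*}; old_gid=${have##*:}
        taken=$(uid_owner "$2" "$new_uid")
        if [ -n "$taken" ] && [ "$taken" != "$name" ]; then
            echo "# SKIP $name: UID $new_uid already belongs to $taken"
            continue
        fi
        if [ "$old_gid" != "$new_gid" ]; then
            echo "groupmod -g $new_gid $name"
            echo "find / -xdev -gid $old_gid -exec chgrp -h $new_gid {} +"
        fi
        if [ "$old_uid" != "$new_uid" ]; then
            echo "usermod -u $new_uid $name"
            echo "find / -xdev -uid $old_uid -exec chown -h $new_uid {} +"
        fi
    done
}

remap_plan "$SAMPLE_DIR/a.passwd" "$SAMPLE_DIR/b.passwd"
```

Because of `-xdev`, the printed `find` commands cover only the root filesystem; a shared volume mounted elsewhere needs its own pass over the mount point.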
