I tried to figure this out on my own, but I lack either diligence or experience with Docker containers.

How does the user parameter work when launching Docker containers and, most importantly, how do I handle it when writing my own Dockerfile?

So far I have seen ready-made containers that process this parameter (for example, mariadb), but often at the first launch it changes the ownership in the mounted volume to uid=999 (system-coredump), which gives the impression that user doesn't work as a kind of "proxy for the rights", forcing all "external interactions" to be performed as the specified user.

In self-built containers (for example, projects using php-fpm and external volumes), the values UID=xxxx and GID=xxxx are passed in as env variables and processed by the entrypoint, which creates a user inside the container with the required IDs and runs fpm as that user.

1 Answer

The user name is a verbal representation for convenience, like domain names on the Internet.
A file does not have a user name or a user group name as a parameter; just as there is an IP address behind a domain, what the file has is the user number and the user group number.

Let's say I am a user with uid/gid 1000.

I have a folder /tmp/docker with code.

I launch debian in a container and mount my folder there as /code:
docker run -v /tmp/docker:/code -it --rm debian bash


I create a user inside the container with uid 1000 and gid 1000 (like my host user):
root@364785fa76ce:/code# groupadd -g 1000 my_docker_user_group
root@364785fa76ce:/code# useradd --uid 1000 --gid 1000 my_docker_user


I switch to the new user with su (in a Dockerfile this is the USER directive):

root@364785fa76ce:/code# su my_docker_user

That's all. Now I can write code on the host and run it in the container, and I will have no problems with file permissions.
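
The point of the answer above, that a file stores only numbers and each side resolves them through its own passwd database, shown as an added example that is not part of the original answer. Both passwd samples are constructed, and the container-side name `mysql` for uid 999 is an assumption used for illustration.

```shell
# Constructed samples: the same numeric IDs, named differently on each side.
HOST_PASSWD='root:x:0:0:root:/root:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
dev:x:1000:1000:Developer:/home/dev:/bin/bash'

CONTAINER_PASSWD='root:x:0:0:root:/root:/bin/bash
mysql:x:999:999::/var/lib/mysql:/bin/sh
my_docker_user:x:1000:1000::/home/my_docker_user:/bin/sh'

# name_for_uid PASSWD_TEXT UID -> login name, or the bare number when the
# database has no entry (the same fallback `ls -l` uses).
name_for_uid() {
    printf '%s\n' "$1" | awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }'
}

# owner_ids PATH -> "uid:gid" as stored in the inode (ls -n prints numbers).
owner_ids() {
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
}

# user_flag PATH -> value for `docker run --user`, so the container process
# writes to the bind mount with the IDs that already own it.
user_flag() {
    ids=$(owner_ids "$1") || return 1
    case "$ids" in
        *[!0-9:]*|:*|*:|'') echo "unexpected owner: $ids" >&2; return 1 ;;
    esac
    printf '%s\n' "$ids"
}

demo() {
    dir=$(mktemp -d) || return 1
    ids=$(user_flag "$dir") || return 1
    echo "inode owner of $dir: $ids"
    echo "uid 999:  host=$(name_for_uid "$HOST_PASSWD" 999)" \
         "container=$(name_for_uid "$CONTAINER_PASSWD" 999)"
    echo "uid 1000: host=$(name_for_uid "$HOST_PASSWD" 1000)" \
         "container=$(name_for_uid "$CONTAINER_PASSWD" 1000)"
    # Printed only; nothing is executed against Docker here.
    echo "docker run --user $ids -v $dir:/code -it --rm debian bash"
    rmdir "$dir"
}

demo
```

Passing the numeric pair with `--user` works even when the image has no passwd entry for that uid; the process then simply runs without a name, which is why the answer adds the user with `groupadd` and `useradd`.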