Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Recently ran into this. So far I've landed on `setfacl`
- `--user` didn't work for me because there were root permissions in my image
- I didn't dig into why `userns-remap` didn't work
- I didn't give https://github.com/boxboat/fixuid a try yet
Some notes from my experience
setfacl -dm "u:alexandros:rw" ~/alpine
Shameless plug: a boilerplate where I had to solve UID permissions, running as non-root user, publishing files to another container, mounting fs as read only, and hot reloading in dev environment.
It's still pretty much a proof of concept and it relies on docker compose but perhaps some of you may find it useful as a starting point: https://github.com/tacone/loki
This one liner enters the namespace of Rootless Docker, and does the chown back to your normal user (root is your host user when you switch back to your namespace).
Anytime you use overlay filesystem ... like storing database on disk so docker doesn't kill it every run, this is useful. So you can do backups, rebuild docker images, etc.
More information: https://github.com/jpetazzo/nsenter#how-do-i-use-nsenter