Skip to content

Mount shared folders as a different user #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
greut opened this issue Aug 30, 2016 · 12 comments
Closed

Mount shared folders as a different user #63

greut opened this issue Aug 30, 2016 · 12 comments
Labels
area/mounts kind/feature lifecycle/locked status/acknowledged

Comments

@greut
Copy link

greut commented Aug 30, 2016

Expected behavior

A mounted volume rights can be changed.

It doesn't seem that Windows shares allows this at runtime. Would it be possible to give a UID/GID pair from the UI (or JSON config) to enable this kind of behaviour from the Mobylinux VM?

# mount -t cifs ... /c -o username=...,password=...,uid=$UID,gid=$GID,...

Actual behavior

Mounted volumes belong to root

Information

https://forums.docker.com/t/mounting-a-volume-as-non-root-from-windows/17548/2

Steps to reproduce the behavior

  1. $ docker run --rm -it -v c:/Users/Me:/data ls -l /data
    -rwxr-xr-x 1 root root 22299 ...
@rn
Copy link
Contributor

rn commented Aug 30, 2016

@greut thanks for the suggestion. My main concern is that if you run multiple containers than they all have to agree on the acceptable userid/groupid. Of course that is true now as well.

Could you give an example of something which complains about root being the default?

Would it work, if we hard code a different userid/groupid?

@greut
Copy link
Author

greut commented Aug 30, 2016
edited
Loading

composer is one of those tools, but it's not a blocker.

Do not run Composer as root/super user! See https://getcomposer.org/root for details

https://getcomposer.org/doc/faqs/how-to-install-untrusted-packages-safely.md

1000:1000 or 1000:100 seems like good default values to me.

Ditto for bundler.

@moleCuleFFF
Copy link

moleCuleFFF commented Sep 13, 2016
edited
Loading

Apache is a good case point, as Apache runs as user and group www-data:www-data it cannot write to named volumes. Basically making Drupal development on docker a real PITA due to its directory structure.

I think this will be one of the most requested features, the best way to manage this would be to allow you to declare a uid:gid per volume either in docker-compose if your using it or at docker run

@vbarinov
Copy link

This problem stops me from using Docker for web development from the Windows host. Apache/php should not run from root. Any status?

@friism
Copy link

friism commented Mar 10, 2017

I think this is related to the same CIFS/Samba limitation as here: #39

Closing this issue.

@friism friism closed this as completed Mar 10, 2017
@greut
Copy link
Author

greut commented Mar 11, 2017

@friism the problem isn't only that you cannot chown on a CIFS mounted folder. You cannot set a different uid/gid for the mounted folder but root's.

@rn
Copy link
Contributor

rn commented Mar 11, 2017

@greut This is a limitation of CIFS/SMB and there is little we can do about this. The uid/gid are basically global for all containers. We could potentially offer a configuration option to mount with a different uid/gid. Would that help?

@greut
Copy link
Author

greut commented Mar 12, 2017

@meugeba you suggestion was part of the initial request indeed. -o uid=$UID,gid=$GID

@h3rj4n
Copy link

h3rj4n commented Mar 20, 2017

+1

1 similar comment
@glinton
Copy link

glinton commented May 18, 2017

+1

@glinton glinton mentioned this issue May 18, 2017
Closed
@samuelvetsch samuelvetsch mentioned this issue Jul 9, 2018
Closed
@gvenzl
Copy link

gvenzl commented Jul 9, 2018

Hi everybody, we are facing this issue again with Oracle Database running on a Windows container. Oracle expects certain files to be owned by the user running the database for security purposes. The user has to be other than root and is usually oracle.

I'm wondering whether the above suggestion of using a configuration option to mount with a different uid/gid on Windows is already available? Any insights, @rn?

@yosifkit yosifkit mentioned this issue Mar 13, 2019
Closed
charleskorn added a commit to batect/batect that referenced this issue Jul 6, 2019
@charleskorn
Fix issues running tasks with 'run as current user' enabled on Windows.
80703c7 
These issues are caused by the fact that files and folders mounted while
running on Windows are mounted as root, regardless of the user running
the container. This is different to the behaviour on both OS X and Linux.

See docker/for-win#63 and
docker/for-win#39 for more details.
@watchdogoblivion watchdogoblivion mentioned this issue Nov 11, 2019
Closed
@amd5 amd5 mentioned this issue Dec 3, 2019
Closed
@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators Jun 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/mounts kind/feature lifecycle/locked status/acknowledged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@greut @friism @dgageot @h3rj4n @vbarinov @glinton @rn @gvenzl @moleCuleFFF @docker-robott