For security reasons I try to run Docker containers as non-root. In my case I would like to start a container as www-data. The ResinOS host contains a www-data user/group with id 33 (as Debian does). As described in "How to use volumes with rdt", pushing a container to the device maps the host /data on the container. Since /mnt/data/resin-data/<app-name>/ is created as root, running the container fails with a file permission problem, because www-data can't write to /data. I found a workaround by stopping the container and changing the ownership to www-data:www-data. Successive starts worked fine as long as I did not delete the directory.
Is there an alternative way to set directory permissions for /mnt/data/resin-data/<app-name>/? I thought --before could be used, but the --before command is run locally on the machine where resin-cli is executed (and not on the device host).
Another problem running a container as non-root is mapping the UID/GID from the container to the host system. My image worked only with the resin Debian base image, since the www-data UID/GID matches on host and image. I was not able to create a working image from an Alpine base image, where the UID/GID is 82 (and not 31).
Do you know a way to map UID/GID 82 (from the container) to the UID/GID on the host (32)?
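One way to handle both problems from inside the image, as an added example that is not part of the post or of resin's own tooling: an entrypoint that starts as root, fixes the ownership of the volume mount with the image's own www-data ids, and only then drops privileges. It assumes the volume is mounted at /data, that the image bundles su-exec (Alpine) or gosu (Debian), and that Docker invokes the script as /entrypoint.sh; these names and the ENTRYPOINT convention are assumptions, not anything from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes: volume at /data,
# su-exec or gosu present in the image, script installed as /entrypoint.sh.
APP_DIR="${APP_DIR:-/data}"
APP_USER="${APP_USER:-www-data}"

# Print "uid:gid" of a user as known inside this image (82:82 on Alpine,
# 33:33 on Debian). Fails if the user does not exist in /etc/passwd.
resolve_ids() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    gid=$(id -g "$1" 2>/dev/null) || return 1
    printf '%s:%s\n' "$uid" "$gid"
}

# Return 0 when the directory is already owned by the wanted "uid:gid".
# Uses stat -c, which both GNU coreutils and busybox (Alpine) support.
owned_by() {
    have=$(stat -c '%u:%g' "$1" 2>/dev/null) || return 1
    [ "$have" = "$2" ]
}

# Chown only when the owner differs, so every restart does not rewrite
# each inode on a large data volume.
ensure_owner() {
    owned_by "$1" "$2" && return 0
    chown -R "$2" "$1"
}

# Exec the real command as APP_USER; su-exec/gosu replace the shell
# process, so the application stays PID 1 and receives signals directly.
drop_privs() {
    if command -v su-exec >/dev/null 2>&1; then exec su-exec "$APP_USER" "$@"
    elif command -v gosu >/dev/null 2>&1; then exec gosu "$APP_USER" "$@"
    else echo "entrypoint: neither su-exec nor gosu found in image" >&2; return 1
    fi
}

main() {
    ids=$(resolve_ids "$APP_USER") || { echo "unknown user: $APP_USER" >&2; exit 1; }
    mkdir -p "$APP_DIR"
    ensure_owner "$APP_DIR" "$ids" || exit 1
    drop_privs "$@"
}

# Only act when run as the container entrypoint; otherwise the functions
# above can be sourced or tested without touching any directory.
case "$0" in */entrypoint.sh) main "$@" ;; esac
```

Because the chown uses the numeric ids of the image's own www-data, the same script works with the Alpine (82) and Debian (33) base images without any host-side mapping; the host's www-data id only matters if a host process also has to write into that directory.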