For security reasons I try to run docker containers as non-root. In my case I would like to start a container as www-data. ResinOS host contains a www-data user/group with id 33 (as Debian does). As described in How to use volumes with rdt, pushing a container to the device maps the host /mnt/data/resin-data/<app-name>/ into /data on the container.

Since /mnt/data/resin-data/<app-name>/ is created as root, running the container fails with a file permission problem since www-data can't write to /data. I found a workaround by stopping the container, changing ownership of /mnt/data/resin-data/<app-name>/ to www-data:www-data. Successive starts worked fine as long as I did not delete the directory.

Is there an alternative way to set directory permissions for /mnt/data/resin-data/<app-name>/? I thought --before could be used, but the --before command is run locally on the machine where resin-cli is executed (and not on the device host).

Another problem running a container as non-root is mapping the UID/GID from container to the host system. My image worked only with the resin-Debian base image since the www-data UID/GID matches on host and image. I was not able to create a working image from an Alpine base image where the UID/GID is 82 (and not 31).

Do you know a way to map UID/GID 82 (from the container) to the UID/GID on the host (32)?

kind regards
Max
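The ownership workaround the post describes (stop the container, chown the host-side data directory to the uid/gid the container process runs as, start again), written up as an added, idempotent shell example; it is not part of the original post or of resinOS. The app name, container name and the 33:33 ids are placeholders/assumptions, and the script is meant to run on the device host as root.

```shell
#!/bin/sh
# Added example (not from the original post): make sure the host directory
# that resin/balena bind-mounts into /data is owned by the uid:gid the
# container process runs as, and only then start the container.
# Assumptions: run on the device host as root; app name, container name and
# the 33:33 ids below are placeholders.

# Print "uid:gid" of a path; GNU stat first, BSD stat as fallback.
owner_of() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# Return 0 only if the directory exists and is owned by the expected uid:gid.
dir_owned_by() {
    dir=$1; want=$2
    [ -d "$dir" ] || return 1
    [ "$(owner_of "$dir")" = "$want" ]
}

# Create the directory if it is missing and fix ownership only when it
# differs, so repeated runs (e.g. from a boot-time script) are a no-op.
# Returns 0 when the directory ends up with the wanted owner.
ensure_data_dir() {
    dir=$1; want=$2
    mkdir -p "$dir" || return 1
    if dir_owned_by "$dir" "$want"; then
        return 0
    fi
    chown "$want" "$dir" || return 1
    dir_owned_by "$dir" "$want"
}

# Usage on the host (placeholders; www-data is 33:33 on the resinOS host):
#   APP_DIR=/mnt/data/resin-data/<app-name>
#   ensure_data_dir "$APP_DIR" 33:33 && docker start <container-name>
```

Because ownership is checked before chown is attempted, the script can be rerun safely after each deploy; the directory is recreated and re-owned if it was deleted, which is the case the post says broke the manual workaround.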