Containers and users/groups
by LQ496873 from LinuxQuestions.org on (#6J31K)
I could easily hammer out a 1000 word question here but to keep it blunt...
When creating a docker container what should I set uid and gid to?
I did a test drive of my home server and got everything working great but now I'm doing the final install (ha!!) I need to get this right, but completely overlooked it earlier.
A bit of context...
I've installed openSUSE MicroOS which comes with a user called 'root' that is in a group called 'root'. The first thing I did after booting up for the first time is create a user called 'server' and put it in two groups: 'users' and 'docker'.
Given docker is essentially a group with the same privileges as root (at least I read/think it is!) and it's a read-only OS is this user necessary? Should I just use the root user?
I've completely stumped myself because I ran a docker command to create a cloudflare tunnel, then did a nextcloud install with a custom data directory but later noticed that directory has a user called '33' and is in the root group... I've no idea where that '33' comes from. And now I'm looking at adding a gitea container too and see the template docker-compose has uid:gid of 1000:1000. The server user has a uid of 1000 but I don't have a group with gid of 1000, so I looked into changing it and I suddenly realised I don't understand users and groups in the context of what I'm doing, or at all! The final nail in the coffin was when I created the directory /home/server/docker-compose to keep my docker-compose files and saw it's in the group 'docker'. Why, and how, did it do that?
So, to go back to my first question.... When creating a docker container what should I set uid and gid to? And is it worth creating a user when I'm using an immutable container host?
Thank you!