#138 enable using different identity for building and launching containers
Enable using different identities at build time and at launch time for containers (vpnserver, mqtt, restful, node, gui, researcher).
The specified identity is used instead of root:
- for all writes on mounted filesystems (from the host machine)
- for some actions that do not need administrative privileges
Tested for several scenarios, including:
- choose current id at build, use same id at launch (the classical case)
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose build <container>
docker-compose up -d <container>
- choose alternative id at build, use current id at launch
CONTAINER_UID=1234 CONTAINER_GID=1234 CONTAINER_USER=fedbiomed CONTAINER_GROUP=fedbiomed docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>
- don't choose default id at build (thus default id is root), use current id at launch
docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>
- don't choose default id at build, don't choose default id at launch (thus container runs fully as root and files created on mounted filesystems belong to root)
docker-compose build <container>
docker-compose up -d <container>
Edited by VESIN Marc
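
A post-launch check for the scenarios above, added here as an example and not part of the merge request or the project's code: it confirms that every entry under a host-mounted directory belongs to the identity passed at launch. The function names and the directory argument are hypothetical, and treating unset `CONTAINER_UID`/`CONTAINER_GID` as 0 (root) is an assumption based on the default-identity case described above.

```shell
#!/bin/sh
# Added example (not the project's code): after `docker-compose up`, confirm
# that everything under a host-mounted directory belongs to the launch identity.

# Print the number of entries under DIR ($1) not owned by UID ($2) : GID ($3).
count_foreign_owned() {
    # Emit one "x" per mismatching entry so unusual file names cannot skew the count.
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -exec printf x \; | wc -c | tr -d ' '
}

# Check DIR ($1) against CONTAINER_UID / CONTAINER_GID from the environment.
# Assumption: unset variables mean 0 (root), as in the default-identity scenario.
# Returns 0 when every entry matches, 1 otherwise (offenders listed on stderr).
check_mount_ownership() {
    dir=$1
    uid=${CONTAINER_UID:-0}
    gid=${CONTAINER_GID:-0}
    bad=$(count_foreign_owned "$dir" "$uid" "$gid")
    if [ "$bad" -gt 0 ]; then
        echo "$bad entries under $dir are not owned by $uid:$gid:" >&2
        find "$dir" \( ! -uid "$uid" -o ! -gid "$gid" \) -exec ls -nd {} \; >&2
        return 1
    fi
    echo "all entries under $dir are owned by $uid:$gid"
}

# Usage (the directory is a placeholder for a path mounted into the container):
#   CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) sh check.sh <mounted-dir>
if [ "$#" -gt 0 ]; then
    check_mount_ownership "$1"
fi
```

A non-zero exit after a launch with the current id indicates that something in the container still wrote to the mount under another identity, typically root.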