Mentions légales du service

Skip to content

#138 enable using different identity for building and launching containers

VESIN Marcrequested to merge
feature/138-create-id-launchtime into develop

Enable using different identities at build time and at launch time for containers (vpnserver mqtt restful node gui researcher).

The specified identity is used instead of root:

  • for all writes on mounted filesystems (from the host machine)
  • for some actions that do not need administrative privileges

Tested for several scenario including:

  • choose current id at build, use same id at launch (the classical case)
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose build <container>
docker-compose up -d <container>
  • choose alternative id at build, use current id at launch
CONTAINER_UID=1234 CONTAINER_GID=1234 CONTAINER_USER=fedbiomed CONTAINER_GROUP=fedbiomed docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>
  • dont choose default id at build (thus default id is root), use current id at launch
docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>
  • dont choose default id at build, dont choose default id at launch (thus container runs fully as root and files created on mounted filesystems belong to root)
docker-compose build <container>
docker-compose up -d <container>
Edited by VESIN Marc

Merge request reports