#138 enable using different identity for building and launching containers (!99) · Merge requests · OBSOLETE_Fed-BioMed / OBSOLETE_Fed-BioMed

VESIN Marc requested to merge feature/138-create-id-launchtime into develop Apr 12, 2022

Enable using different identities at build time and at launch time for containers (vpnserver mqtt restful node gui researcher).

The specified identity is used instead of root:

for all writes on mounted filesystems (from the host machine)
for some actions that do not need administrative privileges

Tested for several scenario including:

choose current id at build, use same id at launch (the classical case)

CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose build <container>
docker-compose up -d <container>

choose alternative id at build, use current id at launch

CONTAINER_UID=1234 CONTAINER_GID=1234 CONTAINER_USER=fedbiomed CONTAINER_GROUP=fedbiomed docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>

dont choose default id at build (thus default id is root), use current id at launch

docker-compose build <container>
CONTAINER_UID=$(id -u) CONTAINER_GID=$(id -g) CONTAINER_USER=$(id -un) CONTAINER_GROUP=$(id -gn) docker-compose up -d <container>

dont choose default id at build, dont choose default id at launch (thus container runs fully as root and files created on mounted filesystems belong to root)

docker-compose build <container>
docker-compose up -d <container>

Edited Apr 13, 2022 by VESIN Marc

Admin message

#138 enable using different identity for building and launching containers

Merge request reports