default user ID?
I noticed that the CMSSW standalone container runs as cmsuser
with ID 501:
$ docker run -i -t --rm clelange/cmssw:5_3_32 /usr/bin/id
uid=501(cmsusr) gid=501(cmsusr) groups=501(cmsusr)
This creates some permission issues when running the container in a laptop development kind of situation when my local disk is mounted as a volume to the running process.
Is the cmsuser
necessary?
- If yes, could the user ID be set to 1000? This is equal to the first user ID of a Linux system, making development easier when sharing volumes and writing files from inside and outside the container. This is what we usually do in our various projects, for example:
$ grep reanauser Dockerfile
RUN adduser --uid 1000 --disabled-password --gecos '' reanauser && \
chown -R reanauser:reanauser /code
USER reanauser
$ docker run -i -t --rm reanahub/reana-job-controller /usr/bin/id
uid=1000(reanauser) gid=1000(reanauser) groups=1000(reanauser)
- If not, what about keeping some
root
rights?
$ grep -A1 invenio Dockerfile
RUN adduser --uid 1000 invenio --gid 0 && \
chown -R invenio:root /code
USER 1000
$ docker run -i -t --rm cernopendata/web /usr/bin/id
uid=1000(invenio) gid=0(root) groups=0(root)
This would make running things easier both locally and on K8s.