Skip to content

default user ID?

I noticed that the CMSSW standalone container runs as cmsuser with ID 501:

$ docker run -i -t --rm clelange/cmssw:5_3_32 /usr/bin/id
uid=501(cmsusr) gid=501(cmsusr) groups=501(cmsusr)

This creates some permission issues when running the container in a laptop development kind of situation when my local disk is mounted as a volume to the running process.

Is the cmsuser necessary?

  • If yes, could the user ID be set to 1000? This is equal to the first user ID of a Linux system, making development easier when sharing volumes and writing files from inside and outside the container. This is what we usually do in our various projects, for example:
$ grep reanauser Dockerfile 
RUN adduser --uid 1000 --disabled-password --gecos '' reanauser && \
    chown -R reanauser:reanauser /code
USER reanauser
$ docker run -i -t --rm reanahub/reana-job-controller /usr/bin/id
uid=1000(reanauser) gid=1000(reanauser) groups=1000(reanauser)
  • If not, what about keeping some root rights?
$ grep -A1 invenio Dockerfile 
RUN adduser --uid 1000 invenio --gid 0 && \
    chown -R invenio:root /code
USER 1000
$ docker run -i -t --rm cernopendata/web /usr/bin/id
uid=1000(invenio) gid=0(root) groups=0(root)

This would make running things easier both locally and on K8s.