Docker volume user permissions

I finally got my head around the user permissions using Docker on a Linux host. It’s actually quite simple. This is a quick summary that helps align permissions inside and outside of the container.

Understanding how user permissions work inside and outside of the container matters when you are mounting a directory as a volume (a bind mount) and you want to access and update files from both inside and outside of the container.

Key point 1 — Linux users are defined by UID not username

On Linux the users are really defined by the user number UID and the group GIU, but we tend to think about the username instead. We can see this on any Linux system by looking at the following

> cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
...
bob:x:1000:1000:bob,,,:/home/bob:/bin/bash

In the above the username bob has UID=1000 and GID=1000. The name bob is just an alias to these numbers. What matters really is the numbers.

Key point 2 — Check the Linux user inside the container

There is a particular user that is being used inside the container to run the code. This may be defined in the Dockerfile in a USER <uid>:<gid> line.

But this can be investigated when the container is running by hopping onto the container and checking the username…