Hi Matt,
Thanks for the very helpful response. I had no idea that flag
existed. :)
It has gotten me most of the way there, but since I also use some
named volumes I think I'm being bitten by this bug (but I'm not
sure):
https://github.com/containers/podman/issues/5698
My UID on the host is 1000 and there is also a user in the
container with the same UID. This works fine since I want to run
as that user anyway. The problem comes when that user needs to
write some files to their home directory (this happens when I run
npm install). I have mounted a named volume at the user's home
directory which has some files that I need to be there. However,
when I do that the user's home directory is now owned by UID 999
and GID 999 instead of 1000.
It looks like a fix for the issue above has been merged but not
included in a stable release yet (I'm on 2.0.6). I'm not even
sure if it will address this problem though.
To sum up, I need some files from a named volume in the user's
home directory, but when I use --userns=keep-id, the ownership of
the home directory gets changed.
Hopefully that makes sense, and as soon as the fix for #5698 is
released I'll test again to see if that solves it.
Thanks,
Dominic
Matt Heon <mheon(a)redhat.com> wrote:
On 2020-09-14 19:30, Dominic wrote:
>Hello,
>
>There may not be a good answer to this question, but I was
>wondering if anyone has a suggestion. I'm using rootless podman
>for local development environments for Node.js and PHP projects.
>
>I can't wait to rebuild an image after each file is changed, so
>I'm bind mounting my project's working directory into the
>container so changes are reflected instantly. A consequence of
>this is that all of the project files are owned by the root user
>inside the container (since they are owned by my regular user
>outside). This means that I need to run any commands as root in
>the container in order to have access to the project files. That,
>in itself, is not a big deal. The problem is that a lot of
>software doesn't like to be run as root. I have run into problems
>with:
>
>- PHP-FPM requires a special flag to run as root and config changes
>- WP-CLI requires a special flag added to any command to run as root
>- Compiling software can fail as part of npm install (specifically with gulp-imagemin)
>
>None of these issues are really show stoppers, but they do slow
>down development, and each time I run into a new one it can take
>time to debug.
>
>Are there any workarounds that allow for fast development, the
>user running in the container to not be root, and reasonable
>security (e.g. I don't really want to chmod 777 all of my project
>files)?
>
>--
>Thank you,
>Dominic
Podman features a `--userns=keep-id` flag that will map your
user outside the container, to the same UID in the container -
so if you could convince PHP-FPM and other applications to run
as your UID, you should be able to work with files owned by
your user without issue.
Thanks,
Matt Heon
>_______________________________________________
>Podman mailing list -- podman(a)lists.podman.io
>To unsubscribe send an email to podman-leave(a)lists.podman.io
--
Thank you,
Dominic
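
The UID translation discussed in this thread, as an added example that is not part of the original messages and is not Podman's own code. It models the effective container-to-host UID mapping of a rootless container with and without `--userns=keep-id`, assuming a single constructed `/etc/subuid` range of `100000:65536` for host UID 1000; the function names are hypothetical.

```python
# Added illustration: effective container<->host UID mapping for rootless Podman.
HOST_UID = 1000                              # invoking user's UID, as in the thread
SUBUID_START, SUBUID_COUNT = 100000, 65536   # constructed /etc/subuid range (assumption)


def default_map(host_uid, sub_start, sub_count):
    """Rootless default: container root is the invoking user."""
    # Each extent is (first container UID, first host UID, length).
    return [(0, host_uid, 1), (1, sub_start, sub_count)]


def keep_id_map(host_uid, sub_start, sub_count):
    """--userns=keep-id: the invoking user keeps the same UID inside."""
    return [
        (0, sub_start, host_uid),                       # container 0..host_uid-1
        (host_uid, host_uid, 1),                        # the user, unchanged
        (host_uid + 1, sub_start + host_uid, sub_count - host_uid),
    ]


def to_host(extents, container_uid):
    """Host UID behind a container UID, or None if the ID is unmapped."""
    for c_first, h_first, length in extents:
        if c_first <= container_uid < c_first + length:
            return h_first + (container_uid - c_first)
    return None


def to_container(extents, host_uid):
    """UID a host-owned file shows inside the container, or None if unmapped
    (the kernel then reports the overflow UID, 65534 by default)."""
    for c_first, h_first, length in extents:
        if h_first <= host_uid < h_first + length:
            return c_first + (host_uid - h_first)
    return None


if __name__ == "__main__":
    plain = default_map(HOST_UID, SUBUID_START, SUBUID_COUNT)
    keep = keep_id_map(HOST_UID, SUBUID_START, SUBUID_COUNT)
    # Bind-mounted project files are owned by host UID 1000.
    print("default: project files appear as UID", to_container(plain, HOST_UID))
    print("keep-id: project files appear as UID", to_container(keep, HOST_UID))
    # Host owner behind the UID 999 reported for the home directory.
    print("keep-id: container UID 999 is host UID", to_host(keep, 999))
```

On a real system the same numbers can be read from `/proc/self/uid_map` inside `podman unshare` and inside the running container.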