Hi everyone!

I’m making a Docker version of my sharing server for ease of use and it works, but I would like to know if there are some “best practices” when it comes to shared folders.

The ‘problem’ is that the docker image is run as root in its container, and the user runs as the local user, and they both need read/write access to this file.

So my setup is to create a folder where the file will live, created by the local user, and share it with a docker-compose.yml “volumes” command, and have user: “1000:1000” in there as well (with instructions to get the uid & gid).

This has to be done by the user before running the Docker image, though. Is there a simpler way?

I have seen groups, running docker in userspace and more, but it all seems so cumbersome. I just want a folder where both entities have read & write access.
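
The setup described in the post above (a folder created by the local user, shared through docker-compose.yml, with the container running as that user's uid:gid), as an added example that is not part of the thread. The service name, image name, `/data` container path and the `HOST_UID`/`HOST_GID` variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prepare a bind-mounted folder that the
# local user and a non-root container process can both read and write.
set -eu

# Create the folder as the invoking user and keep it private to that uid.
# The container will run as the same uid, so mode 0700 is enough: no
# world-writable permissions and no extra shared group are needed.
prepare_share() {
    mkdir -p "$1"
    chmod 700 "$1"
    # Compose reads .env in the project directory for ${VAR} substitution.
    printf 'HOST_UID=%s\nHOST_GID=%s\n' "$(id -u)" "$(id -g)" > "$2"
}

# Numeric owner and permission string of the folder, for a pre-flight check.
share_owner_uid() { ls -nd "$1" | awk '{print $3}'; }
share_mode()      { ls -ld "$1" | cut -c1-10; }

# Write a compose file that runs the service as the recorded uid:gid.
# The host path is made absolute: a bare name such as "shared" would be
# treated by compose as a named volume rather than a bind mount.
write_compose() {
    abs=$(cd "$2" && pwd)
    cat > "$1" <<EOF
services:
  sharing-server:                      # hypothetical service name
    image: example/sharing-server      # placeholder image name
    user: "\${HOST_UID}:\${HOST_GID}"  # filled in by compose from .env
    volumes:
      - $abs:/data                     # /data is an assumed container path
EOF
}

# Usage: sh setup-share.sh ./shared   (then: docker compose up)
if [ $# -gt 0 ]; then
    prepare_share "$1" .env
    write_compose docker-compose.yml "$1"
    if [ "$(share_owner_uid "$1")" != "$(id -u)" ]; then
        echo "warning: $1 is not owned by uid $(id -u)" >&2
        exit 1
    fi
fi
```

The ownership check at the end catches the case where the folder already existed and was created by root, for example by an earlier container run.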

  • Valmond@lemmy.world (OP) · 17 days ago

    And here I was trying to simplify things for people 😅, will check out though, thanks!

    • Botzo@lemmy.world · 16 days ago

      Once podman is installed (iirc the network package is marked as a dependency for most package managers) and your user is configured (provide subuids/subgids), I really think podman is a simpler model. The containers you run are actually yours (not root’s) and you don’t need to be part of a privileged docker group to run them. Of course, you can run containers as root with podman too: just use sudo.

      You’ll actually need to configure your user the same way for running docker in rootless mode, which should be the default.

      Your Dockerfile will work with podman. Your docker-compose file will too (via podman compose). You’ll have access to awesome new capabilities like pods, and defining your containers with Kubernetes-style YAML, and running your containers via systemd.

      However, with rootless podman/docker, you should remove any/all of the USER silliness the rootful/default docker people do to protect themselves a bit from rogue processes effectively running as root and/or container escapes to root.