There are two steps to switch Docker to a non-root user and mount NFS. However, there are several known issues with the switch as well.
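1. Switch to non-root
# in the Dockerfile
# UID and GID of the existing non-root user, supplied as build arguments
ARG UID
ARG GID
# add the group and user; -l skips the lastlog/faillog entries
RUN groupadd -g $GID <groupname> && useradd -lms /bin/bash -g $GID -u $UID <username>
# switch to non-root
USER <username>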
The group ID and user ID are needed in order to mount the NFS share or any existing directory as the existing (non-root) user. If nothing is mounted, they are not needed.
There is an issue with large group IDs and user IDs:
https://github.com/moby/moby/issues/5419
The solution is to disable the login logging (the -l option of useradd, as in the command above), which otherwise would explode the lastlog and faillog files in Docker; in our case they took more than 200GB for a super large user ID (9 digits).
2. Then mount the NFS share. If it is an existing directory, the file/folder permissions are carried over to the container (now with the same user/group ID).
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
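A small Dockerfile check for the two points in step 1, added here as an example and not part of the original note: it flags a useradd call that lacks -l/--no-log-init and a final build stage that still runs as root. It assumes shell-form RUN instructions and a base image that sets no USER of its own; the function names and the sample Dockerfile are constructed.

```python
import re
import shlex

# useradd short options that consume a value; letters after one of these in a
# cluster such as "-gl" belong to the value and are not flags.
TAKES_VALUE = set("bcdefgGkKpRPsuZ")

def logical_lines(text):
    """Join backslash-continued lines, drop blank lines and # comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def skips_log_init(argv):
    """True if a useradd argv has --no-log-init or -l (also inside -lms)."""
    for arg in argv:
        if arg == "--no-log-init":
            return True
        if arg.startswith("-") and not arg.startswith("--"):
            for ch in arg[1:]:
                if ch == "l":
                    return True
                if ch in TAKES_VALUE:
                    break
    return False

def lint(dockerfile):
    """Return findings for a Dockerfile given as a string."""
    findings, user = [], None
    for line in logical_lines(dockerfile):
        instr, *rest = line.split(None, 1)
        rest = rest[0] if rest else ""
        if instr.upper() == "FROM":
            user = None                      # each build stage starts over
        elif instr.upper() == "USER":
            user = rest.strip().split(":")[0]
        elif instr.upper() == "RUN":
            for cmd in re.split(r"&&|\|\||;|\|", rest):
                argv = shlex.split(cmd)
                if argv and argv[0] == "useradd" and not skips_log_init(argv[1:]):
                    findings.append("useradd without -l/--no-log-init")
    if user in (None, "root", "0"):          # assumption: base image sets no USER
        findings.append("final stage runs as root")
    return findings

# Constructed sample: 9-digit UID, no -l, and the image stays root.
BAD = "FROM debian:bookworm\nRUN useradd -m -s /bin/bash -u 123456789 app\nUSER root\n"

if __name__ == "__main__":
    print(lint(BAD))
```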