I am misunderstanding or simply not understanding something that is making it more confusing for me to understand how Linux file permissions work with containers when mapping volumes. So please correct me and add feedback as you see fit.
First, I understand that everything running in a Docker container is running as root:root, unless some images allow you to specify a user and group. That means that every file and folder created is owned by root:root.
Now I create a group 39001 docker-storage, and add root and user accounts to it. Then I create the folder "/storage" and change its group ownership to 39001 docker-storage. So now when I create a folder or file in this directory it is owned by that account and the group ownership is 39001 docker-storage. Likewise, when the root user creates a file or folder in "/storage" from the console, the file/folder is owned by root but the group ownership stays 39001 docker-storage.
So I create a container for the UniFi controller and map a folder to "/storage/unifi". If this folder is not created prior to the first container startup, it will be owned by the root user and root group. I would have expected it to be root:docker-storage. I understand that the commands are coming from inside the container and it is not aware of group 39001. But why wouldn't it take the group ownership from the host?
If in the same example the folder /storage/unifi is created by a user in the docker-storage group, it is still owned by the docker-storage group. Then once the container is started for the first time it still has no problem accessing the folder, yet files and folders under it still get created and owned by root:root.
Running "chown root:docker-storage -R" on the unifi folder corrects that, and the container has no problem with access either. The only way to fix this that I am aware of is having the UID and GID specified on the Docker container, but what if that is not an option?
What am I missing?
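The group-selection rule behind the behaviour described in the post, as an added Python example (not the poster's own code): a model of how Linux picks the group for a new file (the parent directory's group if the parent has the setgid bit, otherwise the creating process's effective gid, which is 0 for a container running as root), a check to run against a host path before bind-mounting it, and a throwaway-directory demonstration of the inheritance. The gid 39001 and the directory name unifi come from the post; the function names and all other values are constructed for the example.

```python
import os
import stat
import tempfile

# Values from the post: the host group created for bind-mounted data, and
# the effective gid a container's root process has on the host (0).
DOCKER_STORAGE_GID = 39001
CONTAINER_ROOT_EGID = 0

def new_file_gid(parent_mode: int, parent_gid: int, creator_egid: int) -> int:
    """Linux rule for the group of a newly created file or directory:
    inherit the parent directory's group only if the parent carries the
    setgid bit, otherwise use the creating process's effective gid."""
    if parent_mode & stat.S_ISGID:
        return parent_gid
    return creator_egid

def new_dir_mode(parent_mode: int, requested_mode: int) -> int:
    """A directory created inside a setgid directory also gets setgid, so
    the inheritance propagates (e.g. from /storage down to /storage/unifi)."""
    if parent_mode & stat.S_ISGID:
        return requested_mode | stat.S_ISGID
    return requested_mode

def audit_bind_mount(path: str) -> dict:
    """Inspect a real host path before mounting it into a container and
    predict the group a root-owned container process would give new files."""
    st = os.stat(path)
    return {
        "gid": st.st_gid,
        "setgid": bool(st.st_mode & stat.S_ISGID),
        "root_created_gid": new_file_gid(st.st_mode, st.st_gid, CONTAINER_ROOT_EGID),
    }

def demo_setgid_inheritance() -> dict:
    """Verify the rule on a throwaway directory: with g+s on the parent, a
    subdirectory inherits setgid and a file inside it inherits the gid."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o2775)  # drwxrwsr-x: setgid on the parent (constructed)
        sub = os.path.join(top, "unifi")
        os.mkdir(sub, 0o775)
        with open(os.path.join(sub, "data.db"), "w"):
            pass
        return {
            "parent_gid": os.stat(top).st_gid,
            "sub_inherits_setgid": bool(os.stat(sub).st_mode & stat.S_ISGID),
            "file_gid": os.stat(os.path.join(sub, "data.db")).st_gid,
        }
```

Run `audit_bind_mount("/storage")` on the host (assumed path from the post) to see whether a root-owned container process would produce group 39001 or group 0 files there.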