The idea is to use this along with the -v $PWD:/app option.
Whenever you use this workflow, all files created in your working directory will be created by the docker user (e.g. root), requiring you to use sudo for clean-up...
... random sudo rm -rf something is just what you need in your life.
To avoid this issue add one of the following bash scripts as your entrypoint like this (in Dockerfile):
COPY user_shell.sh /usr/bin/user_shell
RUN chmod +x /usr/bin/user_shell
ENTRYPOINT [ "/usr/bin/user_shell" ]
The first script, umask_shell.sh, is a simpler alternative that simply sets umask 0000 before running your desired command.
Almost all files created with your command will get 666 permissions (rw for everyone). The mask bits are a negation: they say which permissions to take away when creating a file. Technically, a negation of 000 would be 777, but these are just the default permissions - commands will still modify individual bits.
This will work for commands like mkdir x or touch x.
Other commands could explicitly set other permissions. For example, log files or secrets are often assigned more restrictive permissions by default.
You will still need to remove those files with sudo.
The second script, user_shell.sh, is more complicated but solves the above issues.
Every command is run as the user that owns the /app mountpoint, so:
- there is no problem with accessing any of the host files
- there is no need to use sudo to remove any of the created files
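
One way to run every command as the owner of the mountpoint, as an added sketch that is not the repository's user_shell.sh. It assumes the image ships a stat that supports -c (GNU or BusyBox) and setpriv from util-linux; the APP_DIR variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added sketch (not the repository's user_shell.sh): run the container command
# as whoever owns the bind-mounted directory, so new files belong to the host user.
# Assumptions: stat with -c support and setpriv (util-linux) exist in the image.

APP_DIR=${APP_DIR:-/app}   # mountpoint from the -v $PWD:/app option

# Print "uid:gid" of the directory's owner.
owner_ids() {
    stat -c '%u:%g' "$1"
}

# Succeed when the current process already runs as the given uid.
already_uid() {
    [ "$(id -u)" = "$1" ]
}

# Replace this process with the command, running as the owner of APP_DIR.
run_as_owner() {
    [ "$#" -gt 0 ] || { echo "usage: user_shell COMMAND [ARG...]" >&2; return 64; }
    ids=$(owner_ids "$APP_DIR") || { echo "cannot stat $APP_DIR" >&2; return 1; }
    uid=${ids%%:*}
    gid=${ids##*:}
    if already_uid "$uid"; then
        exec "$@"          # nothing to drop (also covers a root-owned mount)
    fi
    # Drop uid, gid and supplementary groups before the command starts,
    # so the command itself never holds root.
    exec setpriv --reuid="$uid" --regid="$gid" --clear-groups "$@"
}

# As an ENTRYPOINT the script receives the command as its arguments.
if [ "$#" -gt 0 ]; then
    run_as_owner "$@"
fi
```

Because the identity is read from the mountpoint at start-up, the same image works for any host user without rebuilding.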