Add more documentation on UID/GID Mappings with --userns=keep-id

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2022-11-16 15:22:20 -05:00
parent 639efd86e3
commit b6850e772b
2 changed files with 16 additions and 4 deletions

@ -12,10 +12,11 @@ Rootless user --userns=Key mappings:
Key | Host User | Container User
----------|---------------|---------------------
"" |$UID |0 (Default User account mapped to root user in container.)
keep-id |$UID |$UID (Map user account to same UID within container.)
auto |$UID | nil (Host User UID is not mapped into container.)
nomap |$UID | nil (Host User UID is not mapped into container.)
"" |$UID |0 (Default User account mapped to root user in container.)
keep-id |$UID |$UID (Map user account to same UID within container.)
keep-id:uid=200,gid=210 |$UID| 200:210 (Map user account to specified uid, gid value within container.)
auto |$UID | nil (Host User UID is not mapped into container.)
nomap |$UID | nil (Host User UID is not mapped into container.)
Valid _mode_ values are:
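Review bot: The added `keep-id:uid=200,gid=210` row lists only `$UID` in the Host User column while its Container User column shows a uid:gid pair (`200:210`), so the table never says which host GID is being mapped to 210. Consider writing the host cell as `$UID:$GID`, or extend the description to say that the user's primary GID is mapped to the given gid. The description would also read better as "Map user account to the specified UID and GID values within the container." Minor: the new key is wider than the `----------` separator and the cell is written as `|$UID|` without the padding the other rows use, so the table source no longer lines up.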

@ -575,10 +575,21 @@ $ podman run -v /var/db:/data1 -i -t fedora bash
$ podman run -v data:/data2 -i -t fedora bash
$ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update
```
If the container needs a writeable mounted volume by a non root user inside the container, use the **U** option. This options tells Podman to chown the source volume to match the default UID and GID used within the container.
```
$ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id -v ~/data:/var/lib/mysql:z,U mariadb
```
Alternativley if the container needs a writable volume by a non root
user inside of the container, the --userns=keep-id option allows users to
specify the UID and GID of the user executing Podman to specific UIDs and GIDs
within the container. Since the processes running in the container run as the users UID, they can read/write files owned by the user.
```
$ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id:uid=999,gid=999 -v ~/data:/var/lib/mysql:z mariadb
```
Using **--mount** flags to mount a host directory as a container folder, specify
the absolute path to the directory or the volume name, and the absolute path
within the container directory:
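Review bot: The new paragraph before the `keep-id:uid=999,gid=999` example is missing a verb: "allows users to specify the UID and GID of the user executing Podman to specific UIDs and GIDs" should say the option lets users map the UID and GID of the user executing Podman to a specific UID and GID within the container. The example also does not explain where 999 comes from. Since the command passes `--user mysql`, the text should state that the uid and gid values have to match that account's UID and GID in the image (presumably 999 for mariadb), otherwise readers will copy the number into unrelated images. For the **U** paragraph, it is worth stating explicitly that the chown changes ownership of the host directory (`~/data` in the example), and explaining why that example also passes `--userns=keep-id` when the text presents **U** as sufficient on its own. Typos in the added text: "This options tells", "Alternativley", "the users UID" (should be "the user's UID"), and "writeable" in one paragraph versus "writable" in the next.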