diff --git a/docs/source/markdown/options/userns.container.md b/docs/source/markdown/options/userns.container.md index c44ec321ac..61816383d2 100644 --- a/docs/source/markdown/options/userns.container.md +++ b/docs/source/markdown/options/userns.container.md @@ -12,10 +12,11 @@ Rootless user --userns=Key mappings: Key | Host User | Container User ----------|---------------|--------------------- -"" |$UID |0 (Default User account mapped to root user in container.) -keep-id |$UID |$UID (Map user account to same UID within container.) -auto |$UID | nil (Host User UID is not mapped into container.) -nomap |$UID | nil (Host User UID is not mapped into container.) +"" |$UID |0 (Default User account mapped to root user in container.) +keep-id |$UID |$UID (Map user account to same UID within container.) +keep-id:uid=200,gid=210 |$UID| 200:210 (Map user account to specified uid, gid value within container.) +auto |$UID | nil (Host User UID is not mapped into container.) +nomap |$UID | nil (Host User UID is not mapped into container.) Valid _mode_ values are: diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 3d4415dbc9..654b59091b 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in 
@@ -575,10 +575,21 @@ $ podman run -v /var/db:/data1 -i -t fedora bash $ podman run -v data:/data2 -i -t fedora bash $ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update +``` +If the container needs a writeable mounted volume by a non root user inside the container, use the **U** option. This options tells Podman to chown the source volume to match the default UID and GID used within the container. +``` $ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id -v ~/data:/var/lib/mysql:z,U mariadb ``` +Alternativley if the container needs a writable volume by a non root +user inside of the container, the --userns=keep-id option allows users to +specify the UID and GID of the user executing Podman to specific UIDs and GIDs +within the container. Since the processes running in the container run as the users UID, they can read/write files owned by the user. +``` +$ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id:uid=999,gid=999 -v ~/data:/var/lib/mysql:z mariadb +``` + Using **--mount** flags to mount a host directory as a container folder, specify the absolute path to the directory or the volume name, and the absolute path within the container directory:
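Review bot: In docs/source/markdown/options/userns.container.md, the new `keep-id:uid=200,gid=210` table row is wider than the `----------|` separator and is spaced differently from its neighbours (`|$UID| 200:210`). Its Container User cell also gives a UID:GID pair, while every other row and the Host User column list only a UID. Suggest widening the separator, matching the spacing of the other rows, and wording the cell so it is clear that the host user's UID maps to 200 and its GID to 210. The "Valid _mode_ values are:" list that follows the table is not touched by this hunk; if it describes keep-id, the uid= and gid= suboptions should be documented there too.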
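Review bot: In docs/source/markdown/podman-run.1.md.in, the added paragraph for `--userns=keep-id:uid=999,gid=999` never says where 999 comes from. Since the command also passes `--user mysql`, state that uid and gid have to match the UID and GID of that user inside the image, so a reader adapting the example to another image knows which values to use. The sentence "allows users to specify the UID and GID of the user executing Podman to specific UIDs and GIDs" looks like it should say "map" rather than "specify". The **U** example kept as context still passes `--userns=keep-id` together with `:z,U`, which blurs the contrast the new "Alternatively" paragraph sets up; either drop it from that command or explain why both are used. The **U** paragraph should also say plainly that the chown applies to the source directory on the host (`~/data` in the example). Spelling and grammar in the added lines: "Alternativley", "This options tells", "the users UID", "non root", and writeable/writable used inconsistently.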