.. _add-users:

============================================
Appendix: adding users in docker environment
============================================

In a standard environment, when a user transfers files between DTNs, the user must have an account on each system. In a docker environment, two sets of user accounts are involved: the `container user account` and the `host user account`.

When a user is created in a container, this user may not be known to the host machine. In this case, if a host volume is mounted into the container, permission denied errors may occur.

To avoid such permission denied errors, we recommend adopting a 1-to-1 mapping policy between container and host:

* for each user created in container, set a dedicated uid
* for each group created in container, set a dedicated gid
* on host, create a ``docker`` user with those dedicated uid/gid, and manage permission

Here is an example of how to set up an account ``mdtmftp`` and a group ``mdtmftp`` in the container and on the host.

First, launch the ``mdtmftp:1.1.1-xenial`` docker image interactively.

.. code-block:: console

   $ sudo docker run -it \
       --name create_account \
       publicregistry.fnal.gov/bigdata_express/mdtmftp:1.1.1-xenial \
       /bin/bash

Next, create the user account ``mdtmftp`` within the container.

.. code-block:: console

   $ groupadd -g 4001 mdtmftp
   $ useradd -u 4001 -d /home/mdtmftp --create-home --shell /bin/bash mdtmftp
   $ usermod -g mdtmftp mdtmftp

Then, exit from the container and save the container to a new image following the `Docker`_ instructions.

.. _Docker: https://docs.docker.com/engine/reference/commandline/commit/

.. code-block:: console

   $ sudo docker commit create_account mdtmftp:updated

Afterward, create the user ``mdtmftp`` with the dedicated uid/gid on the host.

.. code-block:: console

   $ groupadd -g 4001 mdtmftp
   $ useradd -u 4001 -d /home/mdtmftp --create-home --shell /bin/bash mdtmftp
   $ usermod -g mdtmftp mdtmftp

Finally, set appropriate permissions for ``mdtmftp`` to access the data transfer folders on the host.
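
The check below is an added example, not part of the original documentation: it compares passwd-format files from the container and the host and reports whether ``mdtmftp`` has the same uid/gid on both sides, or whether that uid already belongs to a different host account. The function names, the ``backup`` account and the sample files are constructed for illustration; it assumes Docker is not remapping user namespaces, so container uids apply unchanged on mounted host volumes.

```shell
#!/bin/sh
# Added example: check the 1-to-1 uid/gid mapping between container and host.
# Inputs are passwd(5)-format files (name:passwd:uid:gid:gecos:home:shell).

# Print "uid:gid" for user $2 in passwd file $1; fail if the user is absent.
ids_of() {
    awk -F: -v u="$2" '$1 == u { print $3 ":" $4; found = 1 } END { exit !found }' "$1"
}

# Print the account name that owns uid $2 in passwd file $1 (empty if none).
owner_of_uid() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# check_mapping CONTAINER_PASSWD HOST_PASSWD USER
# Prints one verdict and returns 0 only when uid and gid match on both sides.
check_mapping() {
    c_ids=$(ids_of "$1" "$3") || { echo "missing-in-container"; return 1; }
    h_owner=$(owner_of_uid "$2" "${c_ids%%:*}")
    if [ -n "$h_owner" ] && [ "$h_owner" != "$3" ]; then
        # Files written from the container would belong to this other host account.
        echo "uid-collision:$h_owner"; return 1
    fi
    h_ids=$(ids_of "$2" "$3") || { echo "missing-on-host"; return 1; }
    [ "$c_ids" = "$h_ids" ] || { echo "mismatch:$c_ids!=$h_ids"; return 1; }
    echo "ok:$c_ids"
}

# Constructed sample data (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'mdtmftp:x:4001:4001::/home/mdtmftp:/bin/bash' > "$SAMPLE_DIR/container.passwd"
cp "$SAMPLE_DIR/container.passwd" "$SAMPLE_DIR/host_ok.passwd"
printf '%s\n' 'backup:x:4001:4001::/home/backup:/bin/bash' \
    > "$SAMPLE_DIR/host_collision.passwd"
printf '%s\n' 'mdtmftp:x:1001:1001::/home/mdtmftp:/bin/bash' \
    > "$SAMPLE_DIR/host_mismatch.passwd"

for host in host_ok host_collision host_mismatch; do
    printf '%s: ' "$host"
    check_mapping "$SAMPLE_DIR/container.passwd" "$SAMPLE_DIR/$host.passwd" mdtmftp || true
done
```

On a real system, the two inputs would be copies of ``/etc/passwd`` from the host and from the ``mdtmftp:updated`` image.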