7. Appendix: adding users in a Docker environment
In a standard environment, when a user transfers files between DTNs, they must have an account on each system.
In a Docker environment, two sets of user accounts are involved: container user accounts and host user accounts. When a user is created in a container, that user may not be known to the host machine. In this case, if a host volume is mounted into the container, permission-denied errors may occur, because access to files on the volume is checked against the numeric uid/gid rather than the account name.
To avoid such permission-denied errors, we recommend adopting a 1-to-1 mapping policy between container and host:
for each user created in the container, set a dedicated uid
for each group created in the container, set a dedicated gid
on the host, create a docker user with those dedicated uid/gid, and manage permissions
Here is an example of how to set up an account mdtmftp and group mdtmftp in the container and on the host.
First, launch the mdtmftp:1.1.1-xenial Docker image interactively.
$ sudo docker run -it \
--name create_account \
publicregistry.fnal.gov/bigdata_express/mdtmftp:1.1.1-xenial \
/bin/bash
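Next, create the user account mdtmftp within the container.
$ groupadd -g 4001 mdtmftp
# -g places the user in the group created above; on Ubuntu, useradd without -g
# fails when a group with the same name as the user already exists
$ useradd -u 4001 -g mdtmftp -d /home/mdtmftp --create-home --shell /bin/bash mdtmftp
$ usermod -g mdtmftp mdtmftp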
Then exit the container and save it as a new image, following the Docker instructions.
$ sudo docker commit create_account mdtmftp:updated
Afterward, create the user mdtmftp with the same dedicated uid/gid on the host.
$ sudo groupadd -g 4001 mdtmftp
$ sudo useradd -u 4001 -g mdtmftp -d /home/mdtmftp --create-home --shell /bin/bash mdtmftp
$ sudo usermod -g mdtmftp mdtmftp
Finally, set appropriate permissions for mdtmftp to access the data transfer folders on the host.
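One way to confirm that the 1-to-1 mapping holds before mounting a host volume is to compare the passwd entries from both sides. This is an added example, not part of the original documentation: the function names `ids_of` and `check_mapping` are hypothetical, and the passwd lines are constructed sample data.

```shell
#!/bin/sh
# Added example: verify that an account has the same uid:gid on host and in container.

# ids_of PASSWD_TEXT USER -> prints "uid:gid" for USER from passwd(5)-format text,
# exits non-zero if USER has no entry.
ids_of() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '
        $1 == u { print $3 ":" $4; found = 1; exit }
        END     { if (!found) exit 1 }'
}

# check_mapping HOST_PASSWD CONTAINER_PASSWD USER
# returns 0 = ids match, 1 = ids differ, 2 = user missing on one side
check_mapping() {
    host_ids=$(ids_of "$1" "$3") || { echo "$3: no account on host" >&2; return 2; }
    cont_ids=$(ids_of "$2" "$3") || { echo "$3: no account in container" >&2; return 2; }
    if [ "$host_ids" != "$cont_ids" ]; then
        echo "$3: host $host_ids != container $cont_ids (expect permission denied on mounted volumes)" >&2
        return 1
    fi
    echo "$3: uid:gid $host_ids matches on host and in container"
}

# Constructed sample data (not captured from a real system).
HOST_SAMPLE='root:x:0:0:root:/root:/bin/bash
mdtmftp:x:4001:4001::/home/mdtmftp:/bin/bash'
# Container built with the dedicated ids from this appendix.
CONT_OK='root:x:0:0:root:/root:/bin/bash
mdtmftp:x:4001:4001::/home/mdtmftp:/bin/bash'
# Container where the account was created without -u/-g and got default ids.
CONT_BAD='root:x:0:0:root:/root:/bin/bash
mdtmftp:x:1000:1000::/home/mdtmftp:/bin/bash'

check_mapping "$HOST_SAMPLE" "$CONT_OK" mdtmftp
check_mapping "$HOST_SAMPLE" "$CONT_BAD" mdtmftp || true

# Against a real system (assumes the image saved above as mdtmftp:updated
# and that the image runs the given command directly):
#   check_mapping "$(getent passwd)" \
#       "$(sudo docker run --rm mdtmftp:updated getent passwd)" mdtmftp
```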