Another option is to set UMASK to something wide, so when the files in the docker are created as root, you will still have full power over them as the user:
umask 0000
When generating containers you could do it automatically, so that you do not have to worry about it on each run:
RUN echo "" >> /etc/bash.bashrc && \
echo "umask 0000" >> /etc/bash.bashrc
Or make a wrapper script which will create the matching user in the container and then execute your script as that user:
#!/bin/bash
# get location of this script no matter what your current folder is, this might break between shells so make sure you run bash
LOCAL_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# get current IDs
USER_ID=$(id -u)
GROUP_ID=$(id -g)
echo "Mount $LOCAL_DIR into docker, and match the host IDs ($USER_ID:$GROUP_ID) inside the container."
# $USER_ID and $GROUP_ID are expanded on the host before the command string reaches the container
docker run -v "$LOCAL_DIR":/host_mount -i debian:9.4-slim bash -c "set -euo pipefail && groupadd -r -g $GROUP_ID lowprivgroup && useradd -u $USER_ID lowprivuser -g $GROUP_ID && cd /host_mount && su -c ./runMyScriptAsRegularUser.sh lowprivuser"
From: cdt-dev <cdt-dev-bounces@xxxxxxxxxxx>
On Behalf Of Moritz Strübe
Sent: Wednesday, February 10, 2021 3:25 PM
To: cdt-dev@xxxxxxxxxxx
Subject: Re: [cdt-dev] Building CDT project with docker image
Hey,
you are running into a classical Docker-Issue: No user-mapping for bind-mounts. For Windows this does not matter, because the folders are shared via some (pretty slow) abstraction layer and are mapped to the appropriate user. When you run your code using Linux, the user within the Docker is either root, which has user id 0, or some created user, which most likely has user id 1000. If you run your code using the root user, all created files belong to root and there are some scripts that don't run as root (mostly for safety reasons). If you run as user with the ID 1000 you won't have access to the files, as the Linux user who owns the files most likely has a different user-id.
VSCode solves this by changing the user-id of the default user after startup.
There are two quick solutions, besides adding support to Eclipse:
* Make sure the user with id 1000 has access to the files. Something you can do on your own system, but is not something you want to support for other people.
* Use root within the docker-image, pass the user-id of the linux-user into the container. Then, in the entrypoint, create a new user with that user-id and change to that user. I however did not research the best way to pass the user-id into the container.
* Similar to the latter, but detect the user-id based on the owner of the current work-directory.
Cheers
Morty
On 10.02.2021 at 15:59, Alexis Bouffies wrote:
Hi everyone,
I am running into issues when using the “Build from Docker image” option for the CDT project build. My use case is the following:
I have a custom RCP based on Eclipse CDT. This RCP had been ported to Windows, and we are trying to port it to Linux Ubuntu. To build C/C++ projects, we deliver a Docker image to the user, that is linked at project creation. The project is built through a “make” command. We also offer the possibility to build the project in the Docker image in command line mode. Here is what I have so far:
- In Windows everything works, build in the Docker image from CDT or in Docker from the launched image in the command line
- In Linux Ubuntu, the whole build works fine from the command line, but I witnessed the following issues when building from CDT:
  - I got some “permission denied” errors when calling the compiler installed on the Docker image. Although this has been solved setting the user to “root” when building the Docker image, it makes me wonder what the user is set to when running from CDT?
  - After setting the user to root in the built Docker image, another issue appears: we have a python tool installed in the Docker image, and when this tool is called by the make script from the Docker image inside CDT, nothing happens, it seems the tool cannot even be called.
I do not have extended experience with Linux so there is probably something I am missing there. Any help would be greatly appreciated.
Thanks,
Alexis
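Added example, not part of the thread and not code from any of its authors: an entrypoint sketch for the approach Moritz describes (start as root, detect the user-id from the owner of the work directory, create that user and switch to it), which keeps created files owned by the host user without the world-writable permissions that umask 0000 produces. The /host_mount path and the lowprivuser/lowprivgroup names follow the wrapper script above; the function names and the WORKDIR variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): entrypoint that runs a command as the
# owner of the bind mount. Function names and WORKDIR are hypothetical.
set -eu

# Print "uid:gid" of the directory's owner (uses stat -c, i.e. GNU coreutils).
mount_owner() {
    stat -c '%u:%g' "$1"
}

# Decide how to run, given the current uid ($1) and the mount owner's uid ($2):
#   direct - already unprivileged, cannot switch users, run as-is
#   root   - mount is owned by root, there is no other user to match
#   drop   - running as root, mount owned by a regular user: switch to it
decide_mode() {
    if [ "$1" -ne 0 ]; then echo direct
    elif [ "$2" -eq 0 ]; then echo root
    else echo drop
    fi
}

# Create group/user with the given ids unless an account already uses them.
ensure_account() {
    getent group "$2" >/dev/null || groupadd -r -g "$2" lowprivgroup
    getent passwd "$1" >/dev/null || useradd -u "$1" -g "$2" lowprivuser
}

main() {
    dir=${WORKDIR:-/host_mount}
    owner=$(mount_owner "$dir")
    uid=${owner%%:*}
    gid=${owner##*:}
    cd "$dir"
    case $(decide_mode "$(id -u)" "$uid") in
        drop)
            ensure_account "$uid" "$gid"
            # Look the name up by uid: the account may have existed already.
            name=$(getent passwd "$uid" | cut -d: -f1)
            exec su -c "$*" "$name"
            ;;
        *)  exec sh -c "$*" ;;
    esac
}

# Run only when a command is given, e.g. entrypoint.sh ./runMyScriptAsRegularUser.sh
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With this as the image's entrypoint, the host side no longer has to pass any IDs: the container reads them from the mounted directory itself.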