Say I have a short-lived container that creates a file inside an attached volume. Most off-the-shelf images run stuff as root in containers, so unless I do extra stuff in the container the file ends up owned by root on the host. I want that file owned by me.
docker run has a --user argument that allows forcing a specific uid/gid of the first process started in the container. This seems to work in some cases. For example:
host$ mkdir dockTmp
host$ docker run -u $UID:$(id -g) -v $(pwd)/dockTmp:/tmp/dockTmp --rm -it ubuntu:16.04 /bin/bash
groups: cannot find name for group ID 1000
I have no name!@1f64238ff7d4:/$ touch /tmp/dockTmp/foo
I have no name!@1f64238ff7d4:/$ ls -l /tmp/dockTmp/foo
-rw-r--r-- 1 1000 1000 0 Nov 11 07:22 /tmp/dockTmp/foo
(Ctrl-d)
host$ ls -l dockTmp/foo
-rw-r--r-- 1 adamm adamm 0 Nov 10 23:22 dockTmp/foo
Other times, not so much:
host$ docker run -u $UID:$(id -g) --rm -it tensorflow/tensorflow:nightly
Traceback (most recent call last):
  File "/usr/local/bin/jupyter-notebook", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 266, in launch_instance
    return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 657, in launch_instance
    app.initialize(argv)
  File "<decorator-gen-7>", line 2, in initialize
  File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 87, in catch_config_error
    return method(app, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1366, in initialize
    self.init_configurables()
  File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1100, in init_configurables
    connection_dir=self.runtime_dir,
  File "/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 556, in __get__
    return self.get(obj, cls)
  File "/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 535, in get
    value = self._validate(obj, dynamic_default())
  File "/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 99, in _runtime_dir_default
    ensure_dir_exists(rd, mode=0o700)
  File "/usr/local/lib/python2.7/dist-packages/jupyter_core/utils/__init__.py", line 13, in ensure_dir_exists
    os.makedirs(path, mode=mode)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/.local'
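Added example, not part of the original post: a POSIX shell wrapper for the `--user` invocation above that also points HOME at the bind mount, on the reading that the `/.local` failure comes from a uid with no passwd entry in the image being given HOME=/. The function name `run_as_me`, the `DOCKER` override variable and the `/work` mount point are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): run an image as the calling
# host user, with HOME pointed at a directory that user can write to.
# run_as_me, the DOCKER override and the /work mount point are assumptions.
# Usage: run_as_me "$(pwd)/dockTmp" ubuntu:16.04 touch /work/foo

run_as_me() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_as_me HOSTDIR IMAGE [COMMAND...]" >&2
        return 2
    fi
    hostdir=$1 image=$2
    shift 2

    # -v treats a non-absolute source as a named volume, not a host path.
    case "$hostdir" in
        /*) ;;
        *) echo "HOSTDIR must be an absolute path: $hostdir" >&2; return 2 ;;
    esac

    # Create the directory first: if it is missing, the daemon creates it
    # owned by root, which is the ownership problem being avoided.
    mkdir -p "$hostdir" || return 1

    uid=$(id -u) gid=$(id -g)

    # Ask for a TTY only when stdin is one, since -it fails otherwise.
    tty_flags=
    [ -t 0 ] && tty_flags=-it

    # A uid with no /etc/passwd entry in the image gets HOME=/, which is
    # root-owned; that matches the '/.local' path in the traceback.
    # HOME=/work moves it to the bind mount the calling user is expected to own.
    "${DOCKER:-docker}" run --rm $tty_flags \
        --user "$uid:$gid" \
        --volume "$hostdir:/work" \
        --env HOME=/work \
        --workdir /work \
        "$image" "$@"
}
```

Setting `DOCKER=echo` prints the command line instead of running it, which is a quick way to check the flags before touching the daemon.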