Docker rootless: how to set it up to have proper file permissions for remote editing?

How to configure the docker container so that the user who runs docker can edit the files of the mounted volumes?
Main goal: edit configuration files of openHAB from remote machines (mainly VS Code using remote-fs).

The openhab container creates an additional user and group inside the container (name: ‘openhab’), which runs OH and owns the configuration files. On every start of the container, the ownership of all files and directories is set to openhab:openhab. That user ‘openhab’ (more specifically: the user ID) is not known on the host, and the config files are chmod 644.

Background:
I started using docker some time ago. It really streamlined my homelab setup and its maintenance.

OpenHAB still runs on a Raspberry Pi (openHABian, and it is still 2.5…). I want to migrate to OH3 and docker.

Because I’ve always heard docker has its security issues as it runs as root, I started using rootless docker right from the beginning.

Review the environment variables that you can set when running the container. One of them lets you specify the UID and GID used by the openhab user inside the container.

1 Like

I briefly looked at these settings. It interferes with the user that runs the docker container (uid 1000) on the host. When I also set the uid via env to 1000, it throws an error. Both users (root, openHAB) cannot be mapped to the same ID. :confused:

Do I do something wrong?

I don’t know, because I don’t know your user environment. If it won’t work to map it to 1000, try creating a new user on your host and map that UID/GID to the container.

But beware that I think the openHAB image expects that it’s initially started as root, because it does some root-level operations inside the container prior to starting openHAB as the lower-level user (including creating that lower-level openhab user inside the container in the first place). Perhaps that’s causing problems.

You are veering pretty far off the standard openHAB docker deployment, so you will likely be largely on your own. You might have to build your own custom image with a different approach in entrypoint.sh.

But just to be clear, you’ve set the environment variable (-e option), not the docker user (--user option).

1 Like
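Added example, not taken from any post in this thread: a small POSIX-shell helper that shows why files chowned to the container's openhab user end up owned by an unknown UID on the host under rootless Docker. Rootless Docker maps container UID 0 to the host user running the daemon and container UIDs 1..N onto that user's /etc/subuid range; the host user `homelab` (UID 1000), the constructed subuid entry `homelab:100000:65536` and the container UID 9001 for the openhab user are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Resolves which host UID owns a file
# that a rootless-Docker container writes as a given container UID.
# Container UID 0 -> the host user's own UID; container UID k (k >= 1)
# -> subuid_start + k - 1, taken from that user's /etc/subuid line.

HOST_USER="${HOST_USER:-homelab}"   # assumed host user running rootless docker
HOST_UID="${HOST_UID:-1000}"        # assumed UID of that host user

# Constructed stand-in for /etc/subuid so the script runs offline.
SUBUID_CONTENT="homelab:100000:65536
other:165536:65536"

# map_uid CONTAINER_UID  -> prints the host UID that owns the file on the host
map_uid() {
  cuid="$1"
  if [ "$cuid" -eq 0 ]; then
    echo "$HOST_UID"
    return 0
  fi
  # Select the "user:start:count" line for HOST_USER.
  line=$(printf '%s\n' "$SUBUID_CONTENT" | grep "^${HOST_USER}:" | head -n1)
  if [ -z "$line" ]; then
    echo "no subuid range for $HOST_USER" >&2
    return 1
  fi
  start=$(echo "$line" | cut -d: -f2)
  count=$(echo "$line" | cut -d: -f3)
  if [ "$cuid" -gt "$count" ]; then
    echo "container uid $cuid is outside the subuid range" >&2
    return 1
  fi
  echo $((start + cuid - 1))
}

# editable_by_host_user CONTAINER_UID -> succeeds only if the files the
# container writes as that UID are owned by HOST_UID on the host (chmod 644
# means only the owner can write, so only this case allows remote editing).
editable_by_host_user() {
  [ "$(map_uid "$1")" = "$HOST_UID" ]
}

# Files chowned to container UID 9001 (assumed openhab UID) land on the host
# as UID 109000, which is why the host user (1000) cannot edit them.
map_uid 9001
map_uid 0
```

Running the block prints 109000 and then 1000; to make the host editor the owner, the container-side UID must be one that maps back to the editing host user, which is what the USER_ID/GROUP_ID environment discussion above is about.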

Yes. I’ll double check this.

When using a second user on the host, I’ll need to use that user to edit files because of 644. While writing this, I’m starting to accept this as a neat workaround. Thx! :relaxed: