Hacker News new | ask | show | jobs
by encryptluks2 1839 days ago
Containers are ideally meant for a single service. The best way I've found is to just pass the `--user` flag to `docker run` and have the service run as whatever user it is that you want. The only challenge is that you need to make sure that the volume mounts are already created on the host with the correct permissions.
1 comments
dandarie 1839 days ago
That runs the container as a given usee, but doesn't prevent the container running some processes as a different internal user.
link
encryptluks2 1839 days ago
If you built the container or inspected it before running you should know what the container is doing. Again, containers like Docker aren't really "meant" to run multiple processes. They are meant to run a single process and your app should be able to run as whatever user you run the container with. If you want to run multiple processes or services inside a single container then ultimately you're better off with a different container solution.
link