This is tagged as a calibre-web and code-server issue, but it's actually a generic one, and these are just examples.

PUID and PGID don't help with rootless containers, as mapping is done automatically based on /etc/sub{u,g}id.
While I think it's better to run the rootless containers with a dedicated host user and just chown-ing whatever it needs access to, some containers are more suited to run under the personal host user account, like short-lived code-server containers, or calibre-web that accesses a library that is only available when the user is logged in (e.g. a library in the user's systemd-homed LUKS-encrypted home image).

If the rootless contained service needs access to a filesystem resource owned by the host user, then there are two options:
- Make the resource world-accessible. I can’t see how this can be an acceptable solution.
- Run the service with the root user in the container. It will have the same UID/GID as the host user that started the container, which will solve the filesystem permission issue.
My suggestion is to add to all of linuxserver’s container images the option to start the contained services with the root user.
Of course, this shouldn’t be the default behavior for rootless containers.
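The UID mapping the post relies on, as an added example (not linuxserver.io's code or the poster's): it models how a rootless container maps container UIDs through /etc/subuid, assuming the default podman-style layout where container root is the invoking host user and container UID n maps to subuid start + n - 1. The subuid lines, user names and UIDs are constructed.

```python
# Added example: models rootless user-namespace UID mapping to show why
# PUID/PGID inside the container never reach the host user's own files,
# while container root does. Assumes the default podman-style mapping.
from dataclasses import dataclass
from typing import Optional

# Constructed /etc/subuid content (not from a real system).
SUBUID_SAMPLE = """\
alice:100000:65536
bob:165536:65536
"""


@dataclass(frozen=True)
class UidMap:
    host_uid: int    # host user who started the container
    sub_start: int   # first UID of their /etc/subuid range
    sub_count: int   # length of that range


def parse_subuid(text: str, user: str) -> tuple[int, int]:
    """Return (start, count) for `user` from /etc/subuid-style text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            return int(start), int(count)
    raise KeyError(f"no subuid range for {user}")


def container_to_host(m: UidMap, container_uid: int) -> Optional[int]:
    """Container uid 0 -> invoking host uid; uid n in 1..count ->
    sub_start + n - 1; anything else is unmapped (None)."""
    if container_uid == 0:
        return m.host_uid
    if 1 <= container_uid <= m.sub_count:
        return m.sub_start + container_uid - 1
    return None


def owns_host_file(m: UidMap, container_uid: int, file_owner_uid: int) -> bool:
    """Would this container UID be the owner of a host file (owner-mode access)?"""
    return container_to_host(m, container_uid) == file_owner_uid


if __name__ == "__main__":
    start, count = parse_subuid(SUBUID_SAMPLE, "alice")
    m = UidMap(host_uid=1000, sub_start=start, sub_count=count)
    print(container_to_host(m, 1000))      # PUID=1000 lands on host 100999
    print(owns_host_file(m, 1000, 1000))   # False: PUID does not help
    print(owns_host_file(m, 0, 1000))      # True: container root == host user
```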