You can just run Docker containers as `-u $UID:$GID`, presuming the docker container isn't set up in such a way that it's hostile to its contents being executed by a non-root user. Usually this just means ensuring that you don't have read/execute permissions locked down to just root and that any in-container directories which need writes have the global write bit set. Once you do that, you can run your containers as whatever user/group you'd like, and things generally just work, and you don't have to worry about building custom images.
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.1 LTS"
$ mkdir tmp
$ docker run --rm -v $(pwd)/tmp:/tmp alpine:latest sh -c 'echo "ok" > /tmp/test.txt'
$ ll tmp
.rw-r--r-- root root 3 B Sat Nov 16 14:53:51 2024 test.txt
$ docker run -u $UID:$GID --rm -v $(pwd)/tmp:/tmp alpine:latest sh -c 'echo "ok" > /tmp/test2.txt'
$ ll tmp
.rw-r--r-- root root 3 B Sat Nov 16 14:53:51 2024 test.txt
.rw-r--r-- chris chris 3 B Sat Nov 16 14:54:16 2024 test2.txt
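As an added example (not part of the comment above), a POSIX sh pre-flight check for the precondition the comment describes: before bind-mounting a host directory and running the container with `-u`, it walks the tree and reports any path the chosen uid:gid could not read (files) or search and write into (directories), judging by owner, group and mode bits alone. The function names `has_bit` and `check_mount`, and the dependency on GNU or busybox `stat -c`, are my assumptions.

```shell
#!/bin/sh
# Pre-flight check for the "-u UID:GID" approach: confirm that the host
# directory you are about to bind-mount is usable by that uid:gid, judging by
# owner, group and mode bits alone (POSIX ACLs are ignored). Assumes GNU or
# busybox stat (the "-c" flag), as on the Ubuntu host in the transcript.

# has_bit PATH UID GID BIT: succeed if UID:GID gets permission BIT
# (4 = read, 2 = write, 1 = execute/search) on PATH. Root bypasses these
# checks, which is why the unmodified "docker run" above never hits them.
has_bit() {
    path=$1; uid=$2; gid=$3; bit=$4
    [ "$uid" -eq 0 ] && return 0
    info=$(stat -c '%u %g %a' "$path" 2>/dev/null) || return 1
    owner=${info%% *}; rest=${info#* }; group=${rest%% *}; mode=${rest#* }
    while [ ${#mode} -lt 3 ]; do mode=0$mode; done  # "0" -> "000"
    mode=${mode#"${mode%???}"}                       # "1777" -> "777"
    if [ "$owner" = "$uid" ]; then dig=${mode%??}    # owner digit
    elif [ "$group" = "$gid" ]; then dig=${mode#?}; dig=${dig%?}  # group digit
    else dig=${mode#??}; fi                          # "other" digit
    [ $(( dig & bit )) -ne 0 ]
}

# check_mount DIR UID GID: print every path under DIR that the container user
# could not read (files) or search and write into (directories). Exit 0 when
# the tree is clean, 1 otherwise.
check_mount() {
    dir=$1; uid=$2; gid=$3
    problems=$(find "$dir" | while IFS= read -r p; do
        if [ -d "$p" ]; then
            has_bit "$p" "$uid" "$gid" 1 || printf 'not searchable: %s\n' "$p"
            has_bit "$p" "$uid" "$gid" 2 || printf 'not writable:   %s\n' "$p"
        else
            has_bit "$p" "$uid" "$gid" 4 || printf 'unreadable:     %s\n' "$p"
        fi
    done)
    if [ -z "$problems" ]; then return 0; fi
    printf '%s\n' "$problems" >&2
    return 1
}

# Example: sh check_mount.sh ./tmp "$(id -u)" "$(id -g)" before running
#          docker run -u "$(id -u):$(id -g)" -v "$(pwd)/tmp:/tmp" ...
if [ $# -eq 3 ]; then check_mount "$@"; fi
```

A clean exit means the files the container writes will land on the host owned by your own uid:gid, as `test2.txt` does above, rather than as root.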
My question is, why would you want your containers writing to the box where they run? They should be context independent.