Docker containers PUID and PGID

2 Comments / server / By /

Most Docker containers, especially from Linuxserver folks, use these PUID and PGID. Also, most of the Docker containers in this blog use these PUID and PGID.

According to Linuxserver

Docker runs all of its containers under the root user domain because it requires access to things like network configuration, process management, and your filesystem. This means that the processes running inside your containers also run as root. This kind of elevated access is not ideal for day-to-day use, and potentially gives applications the access to things they shouldn’t (although, a strong understanding of volume and port mapping will help with this).

Another issue is file management within the container’s mapped volumes. If the process is running under root, all files and directories created during the container’s lifespan will be owned by root, thus becoming inaccessible by you.

Using the PUID and PGID allows our containers to map the container’s internal user to a user on the host machine. All of our containers use this method of user mapping and should be applied accordingly.

https://docs.linuxserver.io/general/understanding-puid-and-pgid

I really do not want to use the admin account, so let’s create a new user for this sole purpose.

  1. Navigate to Access Rights Management > User
  2. Click on Add
  3. Give the new user a username
  4. Give the new user a password
  5. Confirm the password
  6. Select the /usr/sbin/nologin from the Shell drop-down menu
  7. Enable the Disallow the user to modify his account
  8. Click Save
  9. Click on Apply
  10. We are keeping this user in the User group, so there is no extra step for that
Figure 1

To verify the user’s PUID and PGID, SSH in to the OMV server and enter the command id username>

id hoid
uid=1000(hoid) gid=100(users) groups=100(users)

The value we want is the uid and gid, so the next time you create a Docker container that requires the PUID and PGID, we would be using 1000 for the PUID and 100 for the PGID.

This is not related to this post, but if you are wondering, who the heck is hoid. Hoid is a character in Brandon Sanderson‘s fantasy novels in the Cosmere universe. I just thought of using Hoid as my Docker container PUID/PGID post since he is going to tied to all the containers.

Cheers!

Subscribe
Notify of
guest

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
One-armed Herdazian.
One-armed Herdazian.
3 years ago

Was looking for this info yesterday. Just felt all queasy about using a GUID under 1000 when I was finally ready to go live. Got here by accident following links from YouTube. Thanks.

0
Reply
Depressed_BridgeBoy
Depressed_BridgeBoy
2 years ago

I specifically was searching to understand the difference between PGID 100 and 1000 because I saw them both in sample docker files online… and when I saw something with hoid in it on google, I clicked because well, I like hoid and thought this one must be worth checking out.

Then I saw the extra note at the bottom and realized it was the actual ‘Hoid’ it made my day.

0
Reply
2
0
Would love your thoughts, please comment.x
()
x