<div dir="ltr">Hello Marco,<div> <font color="#0000ff">please find my answers inline</font></div><div class="gmail_extra"><br></div><div class="gmail_extra">Br,</div><div class="gmail_extra">Laci</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 4, 2018 at 4:56 PM, Marco Mignone <span dir="ltr"><<a href="mailto:info@marcomignone.com" target="_blank">info@marcomignone.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Laci,<br>
Thanks for this.<br>
I will have a play at this and I probably need to study a bit more of Docker as my confusion probably derives from the fact of using docker-compose to start all services instead of 'docker run' when one can specify also the user you want the container to start with.<br></blockquote><div><font color="#0000ff">From what I have found, while the command line interface do not support the <b>user</b> parameter, the compose files do. Not so flexible, but fair enough.</font></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The one thing I don't understand is why you can't access the file on the host machine (unless of using sudo) if the user on the host and inside the container are the same?<br></blockquote><div><font color="#0000ff">That was just a small trick to demonstrate that access rights are in place. I forgot to copy the whole command prompt, but on my personal computer I am using the username <b>szemere</b>. So with the permission <b>0200</b> (seen by <b>ls -hal</b>) even I was unable to access the files belonging to the user <b>marco</b> (id: <b>1500</b>).</font></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
That is basically what I am trying to achieve, the output folder and files to have the ownership of an existing user / group on the host machine so that they are accessible by that user without having to sudo. I wonder if that is what you meant at the end talking about the external user in the 'note:' section of your reply?<br></blockquote><div><font color="#0000ff">You are right. By external user I meant the user on the host machine. However my note was about how to address them.</font></div><div><font color="#0000ff">The problem: Since your "external" users do not exists (by default) inside the container, you can not use their name to "address" them. (You most probably got a "no such user" error.)</font></div><div><font color="#0000ff"><br></font></div><div><font color="#0000ff">The most common solutions to this problem are:</font></div><div><div style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><font color="#0000ff">A) Select users/groups by their ID. (See in the syslog-ng's configuration in the example.)</font></div></div><div><font color="#0000ff">B) First create the users/groups inside the container with a matching ID. After that you can use the "names" in the syslog-ng's configuration.<br></font></div><div><div style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><font color="#0000ff">C) Blind mount the /etc/passwd file. (Has some other implications, read carefully, test with virtual machines before using it.)</font></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Thanks for your help and reply, that's already a good starting point for me to try again.<br>
<br>
Regards,<br>
<div class="HOEnZb"><div class="h5">Marco<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
</div></div></blockquote></div><br></div></div>