<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hey Laci,<div class="">That's brilliant and amazing response!</div><div class="">Thanks for all the insight, it will save me from a lot of work and confusion I was having with some docker concepts.</div><div class=""><br class=""></div><div class="">Thanks a lot again!</div><div class=""><br class=""></div><div class="">Marco</div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 5 Mar 2018, at 19:11, Szemere, László <<a href="mailto:laszlo.szemere@balabit.com" class="">laszlo.szemere@balabit.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hello Marco,<div class=""> <font color="#0000ff" class="">please find my answers inline</font></div><div class="gmail_extra"><br class=""></div><div class="gmail_extra">Br,</div><div class="gmail_extra">Laci</div><div class="gmail_extra"><br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sun, Mar 4, 2018 at 4:56 PM, Marco Mignone <span dir="ltr" class=""><<a href="mailto:info@marcomignone.com" target="_blank" class="">info@marcomignone.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Laci,<br class="">
Thanks for this.<br class="">
I will have a play at this and I probably need to study a bit more of Docker as my confusion probably derives from the fact of using docker-compose to start all services instead of 'docker run' when one can specify also the user you want the container to start with.<br class=""></blockquote><div class=""><font color="#0000ff" class="">From what I have found, while the command line interface do not support the <b class="">user</b> parameter, the compose files do. Not so flexible, but fair enough.</font></div><div class=""> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br class="">
The one thing I don't understand is why you can't access the file on the host machine (unless of using sudo) if the user on the host and inside the container are the same?<br class=""></blockquote><div class=""><font color="#0000ff" class="">That was just a small trick to demonstrate that access rights are in place. I forgot to copy the whole command prompt, but on my personal computer I am using the username <b class="">szemere</b>. So with the permission <b class="">0200</b> (seen by <b class="">ls -hal</b>) even I was unable to access the files belonging to the user <b class="">marco</b> (id: <b class="">1500</b>).</font></div><div class=""> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br class="">
That is basically what I am trying to achieve, the output folder and files to have the ownership of an existing user / group on the host machine so that they are accessible by that user without having to sudo. I wonder if that is what you meant at the end talking about the external user in the 'note:' section of your reply?<br class=""></blockquote><div class=""><font color="#0000ff" class="">You are right. By external user I meant the user on the host machine. However my note was about how to address them.</font></div><div class=""><font color="#0000ff" class="">The problem: Since your "external" users do not exists (by default) inside the container, you can not use their name to "address" them. (You most probably got a "no such user" error.)</font></div><div class=""><font color="#0000ff" class=""><br class=""></font></div><div class=""><font color="#0000ff" class="">The most common solutions to this problem are:</font></div><div class=""><div style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><font color="#0000ff" class="">A) Select users/groups by their ID. (See in the syslog-ng's configuration in the example.)</font></div></div><div class=""><font color="#0000ff" class="">B) First create the users/groups inside the container with a matching ID. After that you can use the "names" in the syslog-ng's configuration.<br class=""></font></div><div class=""><div style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><font color="#0000ff" class="">C) Blind mount the /etc/passwd file. (Has some other implications, read carefully, test with virtual machines before using it.)</font></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><br class=""></div><div class=""><br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br class="">
Thanks for your help and reply, that's already a good starting point for me to try again.<br class="">
<br class="">
Regards,<br class="">
<div class="HOEnZb"><div class="h5">Marco<br class="">
______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class="">
<br class="">
</div></div></blockquote></div><br class=""></div></div>
______________________________________________________________________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>