Hello Marco,

please find my answers inline

Br,

Laci

On Sun, Mar 4, 2018 at 4:56 PM, Marco Mignone <info@marcomignone.com> wrote:

Hi Laci,
Thanks for this.
I will have a play at this and I probably need to study a bit more of Docker as my confusion probably derives from the fact of using docker-compose to start all services instead of 'docker run' when one can specify also the user you want the container to start with.

From what I have found, while the command line interface do not support the user parameter, the compose files do. Not so flexible, but fair enough.

The one thing I don't understand is why you can't access the file on the host machine (unless of using sudo) if the user on the host and inside the container are the same?

That was just a small trick to demonstrate that access rights are in place. I forgot to copy the whole command prompt, but on my personal computer I am using the username szemere. So with the permission 0200 (seen by ls -hal) even I was unable to access the files belonging to the user marco (id: 1500).

That is basically what I am trying to achieve, the output folder and files to have the ownership of an existing user / group on the host machine so that they are accessible by that user without having to sudo. I wonder if that is what you meant at the end talking about the external user in the 'note:' section of your reply?

You are right. By external user I meant the user on the host machine. However my note was about how to address them.

The problem: Since your "external" users do not exists (by default) inside the container, you can not use their name to "address" them. (You most probably got a "no such user" error.)

The most common solutions to this problem are:

A) Select users/groups by their ID. (See in the syslog-ng's configuration in the example.)

B) First create the users/groups inside the container with a matching ID. After that you can use the "names" in the syslog-ng's configuration.

C) Blind mount the /etc/passwd file. (Has some other implications, read carefully, test with virtual machines before using it.)

Thanks for your help and reply, that's already a good starting point for me to try again.

Regards,

Marco
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq