For the context :
docker --version
Docker version 20.10.7, build 20.10.7-0ubuntu5~20.04.2
test 1 : volume is /myvolume
Here's my Dockerfile
FROM alpine:latest
USER 1000:1000
VOLUME /myvolume
and the build + run commands :
docker build -t myimage .
docker run --rm -it myimage
then, once in the container :
/ $ whoami
whoami: unknown uid 1000
/ $ ls -ld /myvolume/
drwxr-xr-x 2 root root 4096 Mar 8 09:22 /myvolume/
/ $ touch /myvolume/test
touch: /myvolume/test: Permission denied
So far, this is no surprise the user with UID 1000 can't write to /myvolume.
test 2 : volume is /tmp
My Dockerfile
FROM alpine:latest
USER 1000:1000
VOLUME /tmp
(same build + run commands), and in the container :
/ $ whoami
whoami: unknown uid 1000
/ $ ls -ld /tmp
drwxrwxrwt 2 root root 4096 Nov 24 09:20 /tmp
/ $ touch /tmp/test
/ $ ls -l /tmp
total 0
-rw-r--r-- 1 1000 1000 0 Mar 8 09:23 test
Now the volume has changed to /tmp, the user with UID 1000 can write in it.
I know /tmp is typically world-writable in GNU/Linux, but here, this looks "magical" (which is fine only when Harry Potter is around) and I'm wondering whether :
a) I'm missing something about how Docker and volumes work (please refer me to appropriate documentation / tutorials)
b) it's a coincidence due to my setup / something's missing to be explicit and stop relying on defaults
c) it's an undocumented feature that may change any time without notice
d) it's a feature I've not been able to find documentation about, and I can safely rely on the fact that when a volume is attached to /tmp, it is always world-writable
