The reason for using an arbitrary UID is to prevent the user inside of the container from having access to resources outside of the container if somehow breached. This includes resources on the host as well as resources accessed by other containers.
Since you don’t know what that user is going to be ahead of time, the solution would be to make the files needed by the user to be world readable. And if necessary world writable.
I would agree that the change you made is not the greatest as this would allow the user specified in the docker image to run potentially adding a bit of risk to the host which may have a collision with the same username resources.
Should for some reason the container MUST run as a specific user (which I’ve run into a couple of these cases), the documentation I linked can assist with such. It simply requires an extra bit of work but helps keeps things in a safer state.
On February 25, 2016 at 07:09:07, Lorenz Vanthillo (lorenz vanthillo outlook com) wrote: