This isn't really a Gerrit issue and is down to user and group isolation in Docker.
OK, so by default Docker will be running as a user, say root in your case. The user ID may be 5 in the container. Now beware: user IDs in a container may not, and usually won't, line up with users outside of the container, so the root UID on the host may be 15, not 5. So you actually get user ID 5's permissions instead of what you expected, which was root.
So you often find that in real production environments the hosts have users set up specifically to run the containers as, with mappings.
E.g. say docker-root and docker-user, which have been set up on the host beforehand. You can then map the user or group IDs to the Docker container, so it knows to run root in the container with an ID that matches the host user.
You can then limit the root user in the container to less than root on the host, which is very useful for restricting file system access etc. to just the folders that it needs to access and not your whole host, which it could access if everything in a container could run as real root.
Here are 2 very important articles to read on the subject.
https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
https://docs.docker.com/engine/security/userns-remap/
I hope this helps your understanding. You don't have these issues with Docker volumes, as the folders are created and owned by the container user, not the host's.
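Added example, not part of the original message: a small Python model of the ID mapping discussed above, using the three-column format of `/proc/<pid>/uid_map`, showing which host UID a container user really is and what that means for a bind-mounted host directory. The remap range `0 100000 65536` and all function names are constructed for illustration.

```python
# Added example: sample values below are constructed, not taken from a real host.
from typing import NamedTuple, Optional

class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen on the host
    count: int    # number of consecutive IDs mapped

def parse_id_map(text: str) -> list[Extent]:
    """Parse the three-column format used by /proc/<pid>/uid_map."""
    extents = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(f) for f in line.split())
        extents.append(Extent(inside, outside, count))
    return extents

def to_host(container_id: int, extents: list[Extent]) -> Optional[int]:
    """Host ID a container ID really runs as; None if unmapped."""
    for e in extents:
        if e.inside <= container_id < e.inside + e.count:
            return e.outside + (container_id - e.inside)
    return None

def to_container(host_id: int, extents: list[Extent]) -> Optional[int]:
    """How the owner of a host file appears inside the container."""
    for e in extents:
        if e.outside <= host_id < e.outside + e.count:
            return e.inside + (host_id - e.outside)
    return None  # unmapped owners show up as the overflow ID (65534 by default)

def bind_mount_access(container_uid: int, owner_host_uid: int, mode: int,
                      extents: list[Extent]) -> str:
    """rwx bits the container user gets on a host path (owner vs. other only).
    Simplification: groups and capabilities (CAP_DAC_OVERRIDE) are ignored."""
    host_uid = to_host(container_uid, extents)
    bits = (mode >> 6) & 7 if host_uid == owner_host_uid else mode & 7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

NO_REMAP = parse_id_map("0 0 4294967295")   # default: no user namespace
REMAPPED = parse_id_map("0 100000 65536")   # constructed userns-remap range

if __name__ == "__main__":
    # Host directory owned by host root, mode 0750, bind-mounted into the container.
    for name, m in (("no remap", NO_REMAP), ("remapped", REMAPPED)):
        print(name, "container root -> host uid", to_host(0, m),
              "access:", bind_mount_access(0, 0, 0o750, m))
```

To compare against a running container, read `/proc/<pid>/uid_map` for the container's process on the host and pass its contents to `parse_id_map`.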