Ensuring Consistent File Ownership by Mapping Host User in CCC Containers
CCC runs as containerized services and relies on host-mounted volumes to persist critical data such as database files, logs, and runtime artifacts across container restarts, upgrades, and system reboots. By default, CCC containers run using an internal non-root user whose UID and GID may differ from the host user, which can cause files written to mounted directories to appear on the host with unexpected or unmapped ownership.
This page describes an optional configuration that aligns the container user with the host user by mapping the container UID and GID to those of the host system. When applied, all files created by CCC containers inherit the same ownership as the host user, ensuring consistent permissions across all mounted files and directories. This configuration applies to both the CCC database and application containers and must be implemented before launching the containers. Use the section below that matches your deployment model:
The steps described on this page are additional configuration measures and must be performed after the CCC installation is complete.
Podman Deployment: Mapping Container UID/GID to the Host User
This section describes how to configure CCC containers running with Podman to use the same UID and GID as the host user. This ensures consistent file ownership for all files and directories mounted from the host. The configuration must be applied to both the CCC database container (ccc-db) and the CCC application container (ccc-app).
Preparing the CCC Database Image to Use the Host UID/GID
Ensure that no CCC database container is running.
podman ps -a
Navigate to the podman directory in the CCC distribution and update the CCC database start script.
cd /<userDir>/CCC_package/ccc-db/podman vi start-ccc-database.sh
Set the following value:
RESTRICT_TO_USE_HOST_UID_GID=Y
Create a Containerfile in the current directory to rebuild the CCC DB image using the host UID/GID.
#######################################################################################################
# This Containerfile rebuilds the CCC DB image to map the host user UID/GID
#######################################################################################################
FROM ccc-db:4.5.0
ARG UID
ARG GID
USER root
RUN deluser --remove-home cccuser
RUN delgroup cccapp
RUN groupadd -g ${GID} cccapp && \
useradd -s /bin/sh -g ${GID} -u ${UID} cccuser
RUN echo cccuser ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/cccuser && \
chmod 0440 /etc/sudoers.d/cccuser && \
chown root:root /usr/bin/sudo && \
chmod 4755 /usr/bin/sudo
RUN mkdir -p /home/cccuser && \
touch /home/cccuser/.bashrc
USER cccuser
Ensure that all files and directories under ${CCC_BASE_DIR} are owned by the host user launching the container.
Launch the ccc-db container using the updated configuration.
Preparing the CCC Application Image to Use the Host UID/GID
Ensure that no CCC application container is running.
podman ps -a
Navigate to the podman directory in the CCC distribution and update the CCC application start script.
cd /<userDir>/CCC_package/ccc-app/podman vi start-ccc-server.sh
Set the following value:
RESTRICT_TO_USE_HOST_UID_GID=Y
Create a Containerfile in the current directory to rebuild the CCC application image using the host UID/GID.
#######################################################################################################
# This Containerfile rebuilds the CCC application image to map the host user UID/GID
#######################################################################################################
FROM ccc:4.5.0
ARG UID
ARG GID
USER root
RUN deluser --remove-home cccuser
RUN delgroup cccapp
RUN groupadd -g ${GID} cccapp && \
useradd -s /bin/sh -g ${GID} -u ${UID} cccuser
RUN echo cccuser ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/cccuser && \
chmod 0440 /etc/sudoers.d/cccuser && \
chown root:root /usr/bin/sudo && \
chmod 4755 /usr/bin/sudo
RUN mkdir -p /home/cccuser && \
touch /home/cccuser/.bashrc
USER cccuser
Ensure that all files and directories under ${CCC_BASE_DIR} are owned by the host user launching the container.
Launch the ccc-app container using the updated configuration.
Kubernetes/Helm Deployment: Rebuilding CCC Images with Host UID/GID
This section describes how to rebuild CCC container images to map the container user to the host user UID and GID when deploying CCC using Kubernetes or Helm. The same procedure applies to both Kubernetes and Helm deployments.
Rebuilding the CCC Database Image with Host UID/GID
Ensure that no CCC database container (ccc-db) is running.
Create a Containerfile on a separate VM where Docker or Podman is installed.
Add the following content to the Containerfile.
#######################################################################################################
# This containerfile is used to rebuild the CCC DB container image to map the host user UID/GID
#######################################################################################################
FROM ccc-db:4.5.0
ARG UID
ARG GID
USER root
RUN deluser --remove-home cccuser
RUN delgroup cccapp
RUN groupadd -g ${GID} cccapp && \
useradd -s /bin/sh -g ${GID} -u ${UID} cccuser
RUN echo cccuser ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/cccuser && \
chmod 0440 /etc/sudoers.d/cccuser && \
chown root:root /usr/bin/sudo && \
chmod 4755 /usr/bin/sudo
RUN mkdir -p /home/cccuser && \
touch /home/cccuser/.bashrc
USER cccuser
Build a new CCC DB image using the Containerfile.
docker build --no-cache \ --build-arg UID=<User ID> \ --build-arg GID=<Group ID> \ --tag ccc-db-uid:4.5.0 \ --file ./Containerfile . podman build --no-cache \ --build-arg UID=<User ID> \ --build-arg GID=<Group ID> \ --tag ccc-db-uid:4.5.0 \ --file ./Containerfile .
Save the rebuilt image to a tar file.
docker save -o ccc-db-uid.tar ccc-db-uid:4.5.0 podman save -o ccc-db-uid.tar ccc-db-uid:4.5.0
Copy the image tar file to the Kubernetes worker nodes.
Load the image on the worker nodes.
ctr -n=k8s.io images import ccc-db-uid.tar
Launch the ccc-db container.
Rebuilding the CCC Application Image with Host UID/GID
Ensure that no CCC application container (ccc-app) is running.
Create a Containerfile on a separate VM where Docker or Podman is installed.
Add the following content to the Containerfile.
#######################################################################################################
# This containerfile is used to rebuild the CCC container image to map the host user UID/GID
#######################################################################################################
FROM ccc:4.5.0
ARG UID
ARG GID
USER root
RUN deluser --remove-home cccuser
RUN delgroup cccapp
RUN groupadd -g ${GID} cccapp && \
useradd -s /bin/sh -g ${GID} -u ${UID} cccuser
RUN echo cccuser ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/cccuser && \
chmod 0440 /etc/sudoers.d/cccuser && \
chown root:root /usr/bin/sudo && \
chmod 4755 /usr/bin/sudo
RUN mkdir -p /home/cccuser && \
touch /home/cccuser/.bashrc
USER cccuser
Build a new CCC application image using the Containerfile.
docker build --no-cache \ --build-arg UID=<User ID> \ --build-arg GID=<Group ID> \ --tag ccc-uid:4.5.0 \ --file ./Containerfile . podman build --no-cache \ --build-arg UID=<User ID> \ --build-arg GID=<Group ID> \ --tag ccc-uid:4.5.0 \ --file ./Containerfile .
Save the rebuilt image to a tar file.
docker save -o ccc-uid.tar ccc-uid:4.5.0 podman save -o ccc-uid.tar ccc-uid:4.5.0
Copy the image tar file to the Kubernetes worker nodes.
Load the image on the worker nodes.
ctr -n=k8s.io images import ccc-uid.tar
Launch the CCC application container.
