Access rights
v_cirill, 2015-05-22 13:09:50

Docker volume: how to simply set the rights on the created files?

Good afternoon.
How can I simply set the rights on files created in folders that are mounted from the host system?
The deploy user, uid 1004, is a member of the docker group.
I mount the folder into the container on startup, write to a file, and exit.

[email protected]:~$ docker run --rm -ti -v $PWD/l2:/l2 debian bash
[email protected]:/# echo booo! > l2/2
[email protected]:/# exit
exit

file permissions - root root
[email protected]:~$ ls -lh l2/2 
-rw-r--r-- 1 root root 6 May 22 12:38 l2/2

OK, I start with -u and work as the user "I have no name!" ))
[email protected]:~$ docker run --rm -ti -u $(id -u) -v $PWD/l2:/l2 debian bash
I have no [email protected]:/$

I create a file and it is created with the correct UID on the host system, but obviously anything more complicated no longer works.
docker run --rm -ti -u $(id -u) -v $PWD/l2:/var/lib/postgresql/data postgres
chown: changing ownership of `/var/lib/postgresql/data': Operation not permitted

And yes, it does not work, for obvious reasons.
I tried enabling inheritance on the folder; it helps, but not much: the user's group is inherited, but because of umask 0022 in the container at root, I get read-only rights for the group.
You can go to the trouble of rebuilding the container with a created user (with the given uid and gid), set the rights on the folders, etc., but that takes time.
For now I get out of the situation via sudo, returning the owner of the files, but maybe I just don't know how to prepare extended rights on the file system?
Is it possible to manage rights more simply in the case of mounted volumes?
UPD
ACL solves the problem partially.
[email protected]:~$ docker run --rm -ti -v $PWD/ll:/ll busybox sh
/ # echo root > /ll/1
/ # ls -lh /ll/1 
-rw-r--r--    1 root     root           5 May 23 16:48 /ll/1
/ # exit
[email protected]:~$ echo $(id -u) >> ll/1
-bash: ll/1: Отказано в доступе
[email protected]:~$ setfacl -d -m u::rwx,g::r,o::-,u:$(whoami):rwx ll
[email protected]:~$ echo $(id -u) >> ll/1
-bash: ll/1: Отказано в доступе
[email protected]:~$ rm -rf ll/1
[email protected]:~$ ls -lh ll/1
ls: невозможно получить доступ к ll/1: Нет такого файла или каталога
[email protected]:~$ docker run --rm -ti -v $PWD/ll:/ll busybox sh
/ # echo root2 > /ll/1
/ # ls -lh /ll/1 
-rw-rw----    1 root     root           6 May 23 16:49 /ll/1
/ # exit
[email protected]:~$ echo $(id -u) >> ll/1
[email protected]:~$ cat ll/1
root2
1000
[email protected]:~$ rm ll/1
[email protected]:~$ ls -lh ll/1
ls: невозможно получить доступ к ll/1: Нет такого файла или каталога

If the process in the container changes the owner of the directory, then everything becomes bad.
[email protected]:~$ mkdir db
[email protected]:~$ ls -lhd db
drwxrwxr-x+ 2 user user 4,0K мая   23 20:22 db
[email protected]:~$ getfacl db
# file: db
# owner: user
# group: user
user::rwx
user:user:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:user:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

[email protected]:~$ docker run -d -v $PWD/db:/var/lib/postgresql/data --name postgres postgres
a4bcadb8b48d001c2c7846a79ad09a7468aa20d3fa265822464a0dd23481bf16
[email protected]:~$ ls -lh db
ls: невозможно открыть каталог db: Отказано в доступе
[email protected]:~$ ls -lhd db
drwx------+ 18 999 user 4,0K мая   23 20:23 db
[email protected]:~$ getfacl db
# file: db
# owner: 999
# group: user
user::rwx
user:user:rwx			#effective:---
group::r-x			#effective:---
mask::---
other::---
default:user::rwx
default:user:user:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

[email protected]:~$ setfacl -m u:user:rwx db
setfacl: db: Операция не позволена

UPD2
You can give the rights on the volume back via docker:
[email protected]:~$ mkdir db
[email protected]:~$ ls -lh db
итого 0
[email protected]:~$ docker run -d -v $PWD/db:/var/lib/postgresql/data --name postgres postgres
6f839610604dca662a585b73dbbe9204b805887bd12a3826a1a7bdebfa1025a4
[email protected]:~$ ls -lh db
ls: невозможно открыть каталог db: Отказано в доступе
[email protected]:~$ docker stop postgres 
postgres
[email protected]:~$ docker rm postgres 
postgres
[email protected]:~$ ls -lh db
ls: невозможно открыть каталог db: Отказано в доступе
[email protected]:~$ ID=$(id -u)
[email protected]:~$ docker run --rm -ti -v $PWD/db:/db busybox sh -c "chown -R $ID db"
[email protected]:~$ ls -lh db
итого 112K
drwx------+ 5 user docker 4,0K мая   23 21:47 base
drwx------+ 2 user docker 4,0K мая   23 21:47 global
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_clog
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_dynshmem
-rw-------+ 1 user docker 4,4K мая   23 21:47 pg_hba.conf
-rw-------+ 1 user docker 1,6K мая   23 21:47 pg_ident.conf
drwx------+ 4 user docker 4,0K мая   23 21:47 pg_logical
drwxrwxr-x+ 4 user docker 4,0K мая   23 21:47 pg_multixact
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_notify
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_replslot
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_serial
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_snapshots
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_stat
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_stat_tmp
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_subtrans
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_tblspc
drwx------+ 2 user docker 4,0K мая   23 21:47 pg_twophase
-rw-rw-r--+ 1 user docker    4 мая   23 21:47 PG_VERSION
drwx------+ 3 user docker 4,0K мая   23 21:47 pg_xlog
-rw-------+ 1 user docker   88 мая   23 21:47 postgresql.auto.conf
-rw-------+ 1 user docker  21K мая   23 21:47 postgresql.conf
-rw-rw-r--+ 1 user docker   37 мая   23 21:47 postmaster.opts
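The UPD and UPD2 sessions above show two things worth turning into a reusable check: the `user:user:rwx` ACL entry became ineffective (`#effective:---`) because a process in the container re-owned the data directory and set its mode to 700, and on a file with an ACL the group bits of chmod set the `mask` entry, which caps every named-user and group entry; and ownership can be handed back by a throwaway container that is root in its own namespace and runs `chown` on the bind mount. The script below is an added example, not code from the original question or any answer. It assumes a `busybox` image is available locally, that the directory path is passed as the first argument, and that `DOCKER` may be overridden (hypothetical, for dry runs); it mounts only the target directory into the repair container, so that container can touch nothing else on the host.

```shell
#!/bin/sh
# Added example: check who owns a bind-mounted data directory and, if a
# container changed it, hand it back to the host user the way UPD2 does.
# Assumptions (hypothetical): busybox image present; DOCKER may be set to
# another command (e.g. "echo") to print the repair step instead of running it.

# Numeric uid of a path's owner; ls -n works on both GNU and BSD systems.
volume_owner_uid() {
    ls -lnd "$1" | awk '{print $3}'
}

# Succeeds (0) when the path is owned by the given uid, fails (1) otherwise.
owned_by() {
    [ "$(volume_owner_uid "$1")" = "$2" ]
}

# Print the repair command without running it. Only the one directory is
# mounted, and the container runs nothing but chown, then exits (--rm).
repair_command() {
    printf 'docker run --rm -v %s:/vol busybox chown -R %s:%s /vol\n' "$1" "$2" "$3"
}

# Reclaim ownership of DIR for the current user if a container changed it.
# Returns 0 when the directory is (or becomes) ours, 2 if DIR does not exist.
reclaim_volume() {
    dir=$(cd "$1" 2>/dev/null && pwd) || return 2
    uid=$(id -u); gid=$(id -g)
    if owned_by "$dir" "$uid"; then
        echo "ok: $dir already owned by uid $uid"
        return 0
    fi
    echo "repair: $(repair_command "$dir" "$uid" "$gid")"
    # Root inside the container may chown anything it can see on the mount;
    # that is exactly why only this directory is mounted, read-write, nothing else.
    ${DOCKER:-docker} run --rm -v "$dir:/vol" busybox chown -R "$uid:$gid" /vol
}

# Usage: ./reclaim.sh /path/to/db   (no argument: only define the functions)
if [ $# -gt 0 ]; then
    reclaim_volume "$1"
fi
```

After the repair, `getfacl` will still show `mask::---` if the container left the directory at mode 700; `chmod g+rwx` on the directory (which on an ACL-bearing file rewrites the mask, not the group entry) or `setfacl -m m::rwx` restores the effective rights of the named entries. The same root-in-container property that makes the repair possible is the reason to keep the mounted path as narrow as possible.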

3 answer(s)
nitrobin, 2016-01-18
@nitrobin

There is even a request on this topic in the official docker GitHub: https://github.com/docker/docker/issues/7198#issue... Found it here: wiki.ros.org/docker/Tutorials/GUI

docker run --rm  -ti \
           -v $(pwd):/tmp/hx \
           -w /tmp/hx \
           -v /etc/group:/etc/group:ro \
           -v /etc/passwd:/etc/passwd:ro \
           --user=$USER \
           debian:jessie

I'm not sure if this is generally safe enough, but it's definitely the easiest and most painless if on a Linux host.

IgorOhrimenko, 2021-03-19
@IgorOhrimenko

Exploring all options: https://jtreminio.com/blog/running-docker-containe...
Solution: https://github.com/lebokus/docker-volume-bindfs

table7, 2015-10-02
@table7

look at bindfs
