Using a 1777 (1757) directory on the host for shared container storage

I would like a bunch of containers all to have access to a common storage target. Not used for the containers themselves, but for some of the services inside of them.

In the past, I have done this by creating a special group and a group-writeable directory on the host and then SETGID-mapping various groups in the containers to that group on the host. But it’s kind of a pain in the ass to keep having to do that and also to make sure that different services/binaries inside the container have that special group as primary.

How bad of an idea is it to have a world-writeable directory on the host with the sticky bit on as a target for all of those containerized services instead?

It’s not too bad, though you may want to make sure it’s not possible for a random user on the host to traverse to that path (put it under a 0100 directory).

Not so much worried about any users on the host, as much as users in different containers messing with other users’ directories.

Thanks for the advice.
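
A host-side audit of the layout discussed in this thread, added here as an example and not code from any of the posters. It checks the sticky bit on the shared directory, the closed-off parent (0100 in the reply above), and entries inside the share that other users can still modify, which the sticky bit does not prevent. It assumes a Linux host with GNU `stat` and `find`; the function names `mode_of` and `audit_shared_dir` are made up for this example.

```shell
#!/bin/sh
# Added example: audit a host directory shared into several containers.
# Assumes GNU stat and find; the path to audit is passed as the first argument.

# Print the permission bits of $1 as four octal digits, e.g. 1777 or 0100.
mode_of() {
    printf '%04o\n' "0$(stat -c '%a' "$1")"
}

# audit_shared_dir DIR: print one line per finding, return 1 if any were found.
audit_shared_dir() {
    shared=$1
    parent=$(dirname "$shared")
    findings=0

    # The shared directory needs the sticky bit (leading digit odd), so only
    # the owner of an entry (or root) can delete or rename it.
    case $(mode_of "$shared") in
        [1357]???) ;;
        *) echo "no-sticky-bit: $shared"; findings=$((findings + 1)) ;;
    esac

    # The parent should give group and other nothing (0100 in the thread),
    # so host users cannot traverse to the shared directory.
    case $(mode_of "$parent") in
        ??00) ;;
        *) echo "parent-traversable: $parent"; findings=$((findings + 1)) ;;
    esac

    # The sticky bit does not protect contents: an entry that is itself
    # group- or world-writable can still be modified by other users.
    loose=$(find "$shared" -mindepth 1 ! -type l -perm /022)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/writable-by-others: /'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_shared_dir "$1"; fi
```

Run it as root on the host against the real path, since a 0100 parent keeps other accounts from reaching the directory at all.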