Reputation: 1904
AWS Elastic Beanstalk Change Permissions on Mounted Directory
I'm deploying a Laravel application to a multicontainer Elastic Beanstalk configuration. The application code is packaged in a zip file and uploaded as part of the deployment, and is then mounted into the PHP-FPM Docker container. The containers run correctly and the code is mounted, however all the mounted directories are owned by root and therefore the application cannot write to these directories (required for log files, framework files etc). I need them to be owned by www-data
If I manually SSH on the the EC2 instance, then run docker exec -it container_id bash and run ls -la I can see all the files/dirs are owned by root. If I run chown -R www-data: storage vendor then the application works as expected.
Therefore I need to find a way to change the permissions on the mounted directories inside the php-fpm container.
I have tried the following command in .ebextensions/permissions.config
container_commands:
01_change_storage_permissions:
# Get the php fpm container ID and change permissions on the mounted directories
command: sudo docker exec $(sudo docker ps -aqf "name=php-fpm") chown -R www-data:www-data storage vendor bootstrap
The deployment is successful so I can assume the command executed successfully but it unfortunately doesn't seem to change the permissions as upon logging into the container, the directories are still owned by root
Upvotes: 5
Views: 1457
Answers (2)
Reputation: 985
You simply need to copy your source files into the container and then chown them.
ADD ./ /var/www
RUN chown....
It is better to copy files into the container when in production.
Good reading here: https://medium.com/@basi/docker-compose-from-development-to-production-88000124a57c
Upvotes: 0
Reputation: 4349
You can chown the directories before mounting them, as described here. A brief overview:
If you control the Dockerfile, you run HOST_UID=$(id -u) and HOST_GID=$(id -g) and generate a Dockerfile that expands $HOST_GID and $HOST_UID in the below two commands:
RUN groupadd -g $HOST_GID mygroup
RUN useradd -l -u $HOST_UID -g mygroup myuser
Use the generated Dockerfile with the ID's filled in, to build your image.
If you don't control the Dockerfile, here’s a container pattern for assigning the userid / groupid at runtime in a way that’s easily portable.
Upvotes: 2
Related Questions
- How do I change file permissions on ElasticBeanstalk before docker image gets built?
- AWS Elastic BeanStalk Docker root file system switch to read-only
- How to set folder permissions for a particular container on Elastic Beanstalk
- Why am I getting a permission denied error on docker/aws eb?
- Docker mount directory access rights
- chmod in .ebextensions on AWS Elastic Beanstalk failing
- Laravel and AWS Elastic Beanstalk - File Permissions
- AWS Elastic Beanstalk - changing owner of webapp folder
- Change file permissions using elasticbeanstalk config file
- Change read/write access of a folder in Ubuntu Linux