Reputation: 1366
Trying to mount a volume to my container from the docker run command.
It seems like the folder is always created as root instead of the container user. This makes it so that I'm lacking rights on the folder (can't create or write files for logging).
Doing some testing using this command:
docker run -it --entrypoint /bin/bash -v $PWD/logs:/home/jboss/myhub/logs:rw myImage:latest
If I now do the command: ls -ld /logs
I get the result: drwxr-xr-x 2 root root 4096 Jun 12 13:01 logs/
Here we can see that only the owner has write-rights. And root is the owner.
I would expect (I want) jboss to be the owner of this folder. Or at least that all users have read/write rights given the :rw option in the -v parameter.
What am I not understanding here? How can I get it to work like I want?
Upvotes: 11
Views: 10755
Reputation: 4418
You can tell docker to run as a particular user. Then any folders created will have that user's permissions:
docker run --userns=host -u $(id -u):$(id -g)
Upvotes: 3
Reputation: 10891
@trust512 has identified the problem correctly and also correctly stated that there are no universally agreed upon "good solutions" to the problem. @trust512 has provided 2 kludgy solutions.
My solution is not better - just an alternative.
Mount the parent of the volume you are interested in.
For example '/home/user' should be owned by user, but if I create a volume
docker volume create myhome
and mount it like
docker container run --mount type=volume,source=myhome,destination=/home/user ...
then /home/user will be owned by root.
However, if I do it like
docker volume create myhome &&
docker container run --mount type=volume,source=myhome,destination=/home alpine:3.4 mkdir /home/user &&
docker container run --mount type=volume,source=myhome,destination=/home alpine:3.4 chown 1000:1000 /home/user
then when I run
docker container run --mount type=volume,source=myhome,destination=/home ...
then /home/user will have the appropriate owner.
Upvotes: 5
Reputation: 2254
At the moment, this is a recurring issue with no simple answer.
There are two common approaches I hear of.
First involves chowning the directory before using it.
RUN mkdir -p /home/jboss/myhub/logs ; chown -R jboss:jboss /home/jboss/myhub/logs
USER jboss
In case you need to access the files from your host system with a different user, you can chmod files that your app created inside the container with your jboss user.
$ chmod -R +rw /home/jboss/myhub/logs
The second approach involves creating the files with appropriate chmod in Dockerfile (or in your host system) before running your application.
$ touch /home/jboss/myhub/logs/app-log.txt
$ touch /home/jboss/myhub/logs/error-log.txt
$ chmod 766 /home/jboss/myhub/logs/app-log.txt
$ chmod 766 /home/jboss/myhub/logs/error-log.txt
There certainly are more ways to achieve this, but I haven't yet heard of any more "native" solutions. I'd like to find out an easier/more practical approach.
Upvotes: 9
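Added example (not part of any answer above, and not code from the posters): a preflight check in POSIX shell that creates the host log directory before docker run, so the daemon does not create the missing bind-mount source as root, and then verifies from the permission bits that a given numeric uid:gid can write to it without falling back to world-writable modes. The function names and the 1000:1000 ids are assumptions, and it relies on GNU stat -c.

```shell
#!/bin/sh
# Added example; function names and ids are hypothetical, not from the page.

# can_write DIR UID GID
# Returns 0 if uid:gid may create files in DIR according to the
# owner/group/other permission bits, 1 if not, 2 if DIR cannot be stat'ed.
# Ignores ACLs, supplementary groups, root override and user namespaces.
can_write() {
    dir=$1 uid=$2 gid=$3
    # GNU stat: %u = owner uid, %g = owner gid, %a = octal mode
    st=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $st
    owner=$1 group=$2 mode=$((0$3))   # leading 0 makes the constant octal
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (mode >> 3) & 7 ))
    else
        bits=$(( mode & 7 ))
    fi
    # Creating files in a directory needs both write (2) and search (1).
    [ $(( bits & 3 )) -eq 3 ]
}

# prepare_bind_dir DIR UID GID
# Creates DIR as the invoking user (instead of leaving it to the daemon)
# and reports whether the container's uid:gid will be able to log into it.
prepare_bind_dir() {
    dir=$1 uid=$2 gid=$3
    mkdir -p "$dir" || return 2
    if can_write "$dir" "$uid" "$gid"; then
        return 0
    fi
    echo "$dir is not writable by $uid:$gid; chown it to that uid:gid" \
         "rather than opening it to all users" >&2
    return 1
}

# Usage with the question's paths (1000:1000 is an assumed uid:gid for jboss):
#   prepare_bind_dir "$PWD/logs" 1000 1000 &&
#     docker run -u 1000:1000 -v "$PWD/logs:/home/jboss/myhub/logs:rw" myImage:latest
```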