Docker Compose Volume Permissions Linux

Docker compose volume Permissions linux

According to the docker-compose and docker run reference, the user option sets the user id (and group id) of the process running in the container. If you set this to 1000:1000, your webserver is not able to bind to port 80 any more. Binding to a port below 1024 requires root permissions. This means you should remove the added user: 1000:1000 statement again.

To solve the permission issue with the shared volume, you need to change the ownership of the directory. Run chown 1000:1000 /path/to/volume. This can be executed inside the container or directly on the host system. The change is persistent and effective immediately (no container restarted required).

In general, I think the volume should be in a sub-directory, e.g.

  volumes:
    - ./public:/var/www/html

Make sure that the correct user owns ./public. If you start the container and the directory does not exist, docker creates it for you. In this case, the directory is owned by root and you need to change ownership manually as explained above.

---

Alternatively, you can run the webserver as an unprivileged user (user: 1000:1000), let the server listen on port 8080 and change the routing to

 ports:
    - "8080:8080"

How can I change permission of mounted volumes in docker-compose.yml from the docker-compose.yml?

When bind-mounting a directory from the host in a container, files and directories maintain the permissions they have on the host. This is by design: when using a bind-mount, you're giving the container access to existing files from the host, and Docker won't make modifications to those files; doing so would be very dangerous (for example, bind-mounting your home-directory would change file permissions of your host's home directory, possibly leading to your machine no longer being usable).

To change permissions of those files, change their permissions on the host.

You can find more information on this in another answer I posted on StackOverflow: https://stackoverflow.com/a/29251160/1811501

Incorrect permissions for file with docker compose volume? 13: Permission denied

I think it was an SELinux thing, appending :z to the volume fixed it.

volumes:
      - ../nginx/nginx.conf:/etc/nginx/nginx.conf:z

Docker-compose set user and group on mounted volume

First determine the uid of the www-data user:

$ docker exec DOCKER_CONTAINER_ID id
uid=100(www-data) gid=101(www-data) groups=101(www-data)

Then, on your docker host, change the owner of the mounted directory using the uid (100 in this example):

chown -R 100 ./

Dynamic Extension

If you are using docker-compose you may as well go for it like this:

$ docker-compose exec SERVICE_NAME id
uid=100(www-data) gid=101(www-data) groups=101(www-data)
$ chown -R 100 ./

You can put that in a one-liner:

$ chown -R $(docker-compose exec SERVICE_NAME id -u) ./

The -u flag will only print the uid to stdout.

Edit: fixed casing error of CLI flag. Thanks @jcalfee314!

Docker-compose and named volume permission denied

Yes, there is a trick. Not really in the docker-compose file, but in the Docker file. You need to create the /var/log/myapp folder and set its permissions before switching to the service user:

FROM ubuntu:18.04

RUN useradd myservice
RUN mkdir /var/log/myapp
RUN chown myservice:myservice /var/log/myapp

...

USER myservice:myservice

Docker-compose will preserve permissions.

See Docker Compose mounts named volumes as 'root' exclusively

---

Related Topics