Docker compose volume Permissions linux
According to the docker-compose and docker run reference, the user option sets the user id (and group id) of the process running in the container. If you set this to 1000:1000, your webserver is not able to bind to port 80 any more. Binding to a port below 1024 requires root permissions. This means you should remove the added user: 1000:1000 statement again.
To solve the permission issue with the shared volume, you need to change the ownership of the directory. Run chown 1000:1000 /path/to/volume. This can be executed inside the container or directly on the host system. The change is persistent and effective immediately (no container restart required).
In general, I think the volume should be in a sub-directory, e.g.
volumes:
- ./public:/var/www/html
Make sure that the correct user owns ./public. If you start the container and the directory does not exist, docker creates it for you. In this case, the directory is owned by root and you need to change ownership manually as explained above.
Alternatively, you can run the webserver as an unprivileged user (user: 1000:1000), let the server listen on port 8080 and change the routing to
ports:
- "8080:8080"
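A pre-flight check for the situation described in the answer above, written as an added example that is not part of the original answers: before starting the stack, it reports whether each bind-mount source exists and is owned by the uid:gid the container will run as. The function names are hypothetical; it assumes GNU stat (Linux) and short-syntax entries of the form HOST:CONTAINER[:OPTIONS].

```shell
# Constructed example; assumes GNU stat (Linux) and short-syntax entries
# of the form HOST:CONTAINER[:OPTIONS] as used on this page.

# classify_mount ENTRY WANT_UID:WANT_GID
# Prints: ok | missing | mismatch:<uid:gid> | named-volume
classify_mount() {
    src=${1%%:*}                      # host side of the entry
    case $src in
        ./*|../*|/*|.|..) ;;          # bind mount: a path on the host
        *) echo "named-volume"; return 0 ;;   # managed by Docker, not a host path
    esac
    if [ ! -e "$src" ]; then
        echo "missing"                # Docker would create it, owned by root
        return 0
    fi
    have=$(stat -c '%u:%g' "$src")    # numeric owner and group of the source
    if [ "$have" = "$2" ]; then echo "ok"; else echo "mismatch:$have"; fi
}

# preflight WANT_UID:WANT_GID ENTRY...
# Prints one line per entry; returns 1 if any bind mount needs attention.
preflight() {
    want=$1; shift
    rc=0
    for entry in "$@"; do
        state=$(classify_mount "$entry" "$want")
        printf '%-12s %s\n' "$state" "$entry"
        case $state in ok|named-volume) ;; *) rc=1 ;; esac
    done
    return $rc
}
```

For example, preflight 1000:1000 ./public:/var/www/html prints "missing" when ./public has not been created yet, and "mismatch:0:0" when Docker has already created it as root.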
How can I change permission of mounted volumes in docker-compose.yml from the docker-compose.yml?
When bind-mounting a directory from the host in a container, files and directories maintain the permissions they have on the host. This is by design: when using a bind-mount, you're giving the container access to existing files from the host, and Docker won't make modifications to those files; doing so would be very dangerous (for example, bind-mounting your home-directory would change file permissions of your host's home directory, possibly leading to your machine no longer being usable).
To change permissions of those files, change their permissions on the host.
You can find more information on this in another answer I posted on StackOverflow: https://stackoverflow.com/a/29251160/1811501
Incorrect permissions for file with docker compose volume? 13: Permission denied
I think it was an SELinux thing, appending :z to the volume fixed it.
volumes:
- ../nginx/nginx.conf:/etc/nginx/nginx.conf:z
Docker-compose set user and group on mounted volume
First determine the uid of the www-data user:
$ docker exec DOCKER_CONTAINER_ID id
uid=100(www-data) gid=101(www-data) groups=101(www-data)
Then, on your docker host, change the owner of the mounted directory using the uid (100 in this example):
chown -R 100 ./
Dynamic Extension
If you are using docker-compose you may as well go for it like this:
$ docker-compose exec SERVICE_NAME id
uid=100(www-data) gid=101(www-data) groups=101(www-data)
$ chown -R 100 ./
You can put that in a one-liner:
# -T disables pseudo-TTY allocation, so the captured uid carries no trailing carriage return
$ chown -R "$(docker-compose exec -T SERVICE_NAME id -u)" ./
The -u flag will only print the uid to stdout.
Edit: fixed casing error of CLI flag. Thanks @jcalfee314!
Docker-compose and named volume permission denied
Yes, there is a trick. Not really in the docker-compose file, but in the Dockerfile. You need to create the /var/log/myapp folder and set its permissions before switching to the service user:
FROM ubuntu:18.04
RUN useradd myservice
RUN mkdir /var/log/myapp
RUN chown myservice:myservice /var/log/myapp
...
USER myservice:myservice
Docker-compose will preserve permissions.
See Docker Compose mounts named volumes as 'root' exclusively