Is it possible to have a mount and volume in the same container using docker-compose?
~/logs:/app/logs/:rw
The directory ~/logs
must be granted rw to 1000:1000 (appuser:appgroup) because this is an existing directory on the host.
other:/app/other/:rw
Named volume is created by docker on the host which is owned by root
(except rootless mode). Use VOLUME
to retain the permission set in Dockerfile:
FROM node:16-alpine
RUN apk add dumb-init
RUN addgroup appgroup && adduser -S appuser -G appgroup
RUN mkdir -p /app/logs && mkdir /app/other
WORKDIR /app/
COPY package*.json ./
RUN npm install
COPY . /app
RUN chown -R appuser:appgroup /app/
USER appuser
VOLUME /app/other
why is logs directory owned by node:node?
This user:group was created in the base image node:16-alpine.
Alternate method that solve similar issue, if it suits your need.
Mounted folder created as root instead of current user in Docker
At the moment, this is a recurring issue with no simple answer.
There are two common approaches I hear of.
First involves chown
ing the directory before using it.
RUN mkdir -p /home/jboss/myhub/logs ; chown -R jboss:jboss /home/jboss/myhub/logs
USER jboss
In case you need to access the files from your host system with a different user, you can chmod
files that your app created inside the container with your jboss user.
$ chmod -R +rw /home/jboss/myhub/logs
The second approach, involves creating the files with appropriate chmod
in Dockerfile
(or in your host system) before running your application.
$ touch /home/jboss/myhub/logs/app-log.txt
$ touch /home/jboss/myhub/logs/error-log.txt
$ chmod 766 /home/jboss/myhub/logs/app-log.txt
$ chmod 766 /home/jboss/myhub/logs/error-log.txt
There certainly are more ways to achieve this, but I haven't yet heard of any more "native" solutions.
I'd like to find out an easier/more practical approach.
docker can not write on mounted volume with non-root user
Most propably the UID on your host for myuser
does not match the UID for myuser
inside the Container.
Solution
If you want to write from within your container into a directory of your host machine you must first create a myuser
User on your host and check its UID via
$ sudo su - myuser -c "id"
uid=1000(myuser) gid=100(users) Gruppen=100(users)
In this example UID=1000 and GID=100.
Now you will need to create a Folder ~/log/nginx
with owner/group of myuser
on your host.
$ sudo mkdir ~/log/nginx
$ sudo chown myuser ~/log/nginx
$ sudo chmod -R 0700 ~/log/nginx/
Afterwards you can create a Dockerfile and your user with the same UID/GID.
RUN useradd myuser -u 1000 -g 100 -m -s /bin/bash
USER myuser
Now you should be able to write to your mounted volume with the specified user. You can check this via:
docker run -v $(pwd)/log/nginx:/var/log/nginx --rm -it mynginx:v1 /bin/bash
if you can now write to /var/log/nginx
How to give non-root user in Docker container access to a volume mounted on the host
There's no magic solution here: permissions inside docker are managed the same as permissions without docker. You need to run the appropriate chown
and chmod
commands to change the permissions of the directory.
One solution is to have your container run as root and use an ENTRYPOINT
script to make the appropriate permission changes, and then your CMD
as an unprivileged user. For example, put the following in entrypoint.sh
:
#!/bin/sh
chown -R appuser:appgroup /path/to/volume
exec runuser -u appuser "$@"
This assumes you have the runuser
command available. You can accomplish pretty much the same thing using sudo
instead.
Use the above script by including an ENTRYPOINT
directive in your Dockerfile:
FROM baseimage
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
CMD ["/usr/bin/myapp"]
This will start the container with:
/bin/sh entrypoint.sh /usr/bin/myapp
The entrypoint script will make the required permissions changes, then run /usr/bin/myapp
as appuser
.
Creating/generating files in a mounted volume on docker container own to regular user and not to root
Solution: We need to run docker script on user scope and push the user
attribute with user id and group id convention ("uid:gid"
).
example: run command in specific user sudo -iu john
and run docker-compose function:USER_INFO=$(id -u):$(id -g) docker-compose up --build --force-recreate -d
compose file structure:
version: '3.4'
services:
app:
image: ubuntu:latest
command: /home/john/clone_repository_and_generate_reports.sh
volumes:
- "/home/john/:/home/john/"
environment:
- NODE_ENV=production
env_file:
- ./.config.env
user: "${USER_INFO}"
Related Topics
Linux >2.6.33: Could Sendfile() Be Used to Implement a Faster 'Cat'
How to Disable Floating Point Unit (Fpu)
Warning: The Use of 'Tmpnam' Is Dangerous, Better Use 'Mkstemp'
Lapack/Blas/Openblas Proper Installation from Source - Replace System Libraries with New Ones
Extract Unique Block of Lines from a File Using Shell Script
What Is The Side Effect of Setting Tcp_Max_Tw_Buckets to a Very Small Value
Sysfs Interface. I Can't Export Gpio Pins in a Xilinx's Board (Zybo and Other)
Sed Search a Range and Print First Set
Documentation About Device Driver Programming on Kernel 3.X
Install Gulp Browserify Gives Error Always
Oracle Query - Ora-01652: Unable to Extend Temp Segment But Only in Some Versions of Sql*Plus
How to Modify The Linux Kernel to Change The Version String That Uname Returns
Running Linux Container on Docker Windows
Grep Array Parameter of Excluded Files
How to Ensure That a Process Runs in a Specific Physical CPU Core and Thread
Trying to Install Docker Gpg Key Recieving Error: Curl: Option '-' Is Unknown