setfacl in Dockerfile has no effect
Any idea why docker does not correctly apply the acl changes when running setfacl in the Dockerfile?
Don't take this as an authoritative answer, because I'm just guessing.
Docker images have to run on a variety of distributions, with different storage backends (possibly even more when you facter in image registries, like hub.docker.com
). Even those that are filesystem based may be backed by different filesystems with different capabilities.
This means that in order for Docker images to run reliably and reproducibly in all situations, they have to minimize the number of extended filesystem features they preserve.
This is probably why the extended attributes necessary to implement filesystem ACLs are not preserved as part of the image.
It works in a container because at this point the files are stored on a specific local filesystem, so you can take advantage of any features supported by that filesystem.
Capifony setfacl permissions: Operation not permitted
Finally I managed this creating different PHP-FPM pools with the same permissions as the user. This way I can have different users separated from each other. And as a bonus deploy.rb is simplified.
Setfacl - not supported
ACL has to be explicit activated on ext-filesystems. Therefor you should have something like
/dev/sdb1 /u01 ext4 defaults,acl 1 2
inside your /etc/fstab
.
symfony docker permission problems for cache files
I'd think changing www-data
s userid to your host-user's id is a good solution, as permissions for the host user are fairly easy to setup.
#change www-data`s UID inside a Dockerfile
RUN usermod -u [USERID] www-data
user id 1000 is the default for most linux systems afaik... 501 on mac
you can run id -u
on the host system to find out.
You could then log into the container to run symfony commands as www-data
docker exec -it -u www-data [CONTAINER] bash
I was wondering how you could set the userid dynamically on container build.
I guess passing it via --build-arg
to docker-compose would be the way
docker-compose build --build-arg USERID=$(id -u)
...but haven't managed to access that var in the Dockerfile yet.
How to fix docker: Got permission denied issue
If you want to run docker as non-root user then you need to add it to the docker group.
- Create the docker group if it does not exist
$ sudo groupadd docker
- Add your user to the docker group.
$ sudo usermod -aG docker $USER
- Log in to the new
docker
group (to avoid having to log out / log in again; but if not enough, try to reboot):
$ newgrp docker
- Check if docker can be run without root
$ docker run hello-world
Reboot if still got error
$ reboot
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface..
Taken from the docker official documentation:
manage-docker-as-a-non-root-user
Related Topics
Arm-Linux-Gnueabi Compiler Options
Automated Installation of R-Studio Using Shell Script
How to Compile a Node C++ Addon So That I Can Use Distribute It on Amazon Aws
How to Enable Hocr Font Info in Tesseract 4
How to Add More Algorithm in Cryptoapi in Linux
Sqlite Data File on Linux and Os X Incompatible
Cmakelist File to Generate Llvm Bitcode File from C Source File
Logging Memory Access Footprint
Stty: Standard Input: Inappropriate Ioctl for Device
How to Identify Padding Scheme Used in Rsa Signature of a Certificate, Using Openssl
How to Attach Domain Name to My Server
I Need a Binary Comparison Tool for Win/Linux
How to Delete The Line That Matches a Pattern and The Line After It with Sed
Shell Script to Get List of Defined Users on Linux
Difference Between .So.0 and .So.0.0.0 Files
The Only Overhead Incurred by Fork Is Page Table Duplication and Process Id Creation