docker挂载主机目录文件权限

Question

I am running the mqtt broker Mosqitto in a docker image. I am using the following arguments

sudo docker run -d -p 1883:1883 -p 1884:1884 -v /home/mosquitto/apps/dev/mosquitto:/mosquitto --restart always -u mosquitto eclipse-mosquitto:1.4.

This should mount the host folder /home/mosquitto/apps/dev/mosquitto to the image folder /mosquitto The problem is that the host user IDs (1001) and the docker user IDs (100) do not match.

If I do not specify -u mosquitto, the application complains about not being able to write to /mosquitto/logs/mosquitto.log

So I thought I'd specify -u mosquitto, to make the application inside the image run as user 1001, and therefore have write access to the mounted files. Which worked. But then, the Mosquitto application made a new database file on exit. That file was made with the 101 user as owner..

What exactly happens when I specify -U to docker. How come it kind of did what I was expecting (allowed writing to host files) and kind of didn't do what I was expecting(still made files with the original image user id)

Maybe this is something to do with this specific docker image .. it runs some script internally that switches user?

Answer 1

How about making write access to log path for any user? It may be less secure. But if it is just logs, lets see application inside docker can write to it.

Or think about bootstrap some commands to the container to make permission changes inside.

Answer 2

If you are using Linux or OSX for your Docker location, most likely it is a security or file permissions issue. Go to this bug report Permission denied for directories created automatically by Dockerfile ADD command #1295 and jump to the end...there are several links to sub-bug reports where you can most likely find your solution. I had a very similar issue, and it turned out to be a selinux misconfiguration.