
Permissions issue with Docker volumes

I want to start using Docker for my Rails development, so I'm trying to put together a skeleton I can use for all my apps.

However, I've run into an issue with Docker volumes and permissions.

I want to bind-mount the app's directory into the container, so that any changes get propagated to the container without the need to re-build it.

But if I define it as a volume in my docker-compose.yml, I can't chown the directory anymore. I need the directory and all its contents to be owned by the app user in order for Passenger to work correctly.

I read that it's not possible to chown volumes.

Do you know of any workarounds?

You could try running the chown via CMD instead, like:

CMD chown -R app:app /home/app/webapp && /sbin/my_init

RUN statements are only executed during build time of your image. But at that point you do not have mounted volumes yet.

CMD instead is executed during runtime of the container when the volumes are mounted already. So that would have the effect that you want.

I use a hacky solution to manage this problem for my development environments. To be used in development environments only!

The images I use for development environments contain a script that looks like this:

#!/bin/sh

# In /usr/local/bin/change-dev-id
# Change the "dev" user UID and GID

# Retrieve new ids to apply
NEWUID=$1
NEWGID=$1
if [ $# -eq 2 ]
then
    NEWGID=$2
elif [ $# -ne 1 ]
then
    echo "Usage: change-dev-id NEWUID [NEWGID]"
    echo "If NEWGID is not provided, its value will be the same as NEWUID"
    exit 1
fi

# Retrieve old ids
OLDUID=$(id -u dev)
OLDGID=$(id -g dev)

# Change the user ids
usermod -u "${NEWUID}" dev
groupmod -g "${NEWGID}" dev

# Change the files ownership (everything outside /proc still owned by the old ids)
find / -not \( -path /proc -prune \) -user "${OLDUID}" -exec chown -h "${NEWUID}" {} \;
find / -not \( -path /proc -prune \) -group "${OLDGID}" -exec chgrp -h "${NEWGID}" {} \;

echo "UID and GID changed from ${OLDUID}:${OLDGID} to ${NEWUID}:${NEWGID} for \"dev\""
exit 0

In the Dockerfile of my base image, I add it and make it executable:

# Add a script to modify the dev user UID / GID
COPY change-dev-id /usr/local/bin/change-dev-id
RUN chmod +x /usr/local/bin/change-dev-id

Then, instead of changing the owner of the mounted folder, I change the ID of the container's user to match the ID of my user on the host machine:

# In the Dockerfile of the project's development environment, change the ID of
# the user that must own the files in the volume so that it matches the ID of
# the user on the host
RUN change-dev-id 1234

This is very hacky but it can be very convenient. I can own the files of the project on my machine while the user in the container has the correct permissions too.

You can update the code of the script to use the username you want (mine is always "dev") or modify it to pass the username as an argument.
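
An added example, not part of either answer above: a container entrypoint that reads the owner of the bind-mounted directory at start-up and remaps the app user to it, which generalizes the fixed `change-dev-id 1234` approach and avoids a recursive chown of host files as root. The script name match-mount-owner and the APP_USER / APP_DIR variables are assumptions for this example, and the image is assumed to ship usermod, groupmod and a GNU or busybox stat.

```shell
#!/bin/sh
# Added example: entrypoint that matches the app user's UID/GID to the owner
# of the bind mount instead of chown-ing the host's files.
# Assumed names: APP_USER, APP_DIR, script installed as "match-mount-owner".
set -eu

APP_USER="${APP_USER:-app}"
APP_DIR="${APP_DIR:-/home/app/webapp}"

# Print "uid:gid" of the directory's owner (GNU/busybox stat syntax).
owner_of() {
    stat -c '%u:%g' "$1"
}

# Args: app_uid app_gid owner_uid owner_gid
# Prints one of: keep | refuse | remap UID:GID
decide() {
    if [ "$3" -eq 0 ] || [ "$4" -eq 0 ]; then
        echo refuse              # never turn the app user into root
    elif [ "$1" -eq "$3" ] && [ "$2" -eq "$4" ]; then
        echo keep
    else
        echo "remap $3:$4"
    fi
}

main() {
    owner=$(owner_of "$APP_DIR")
    uid=${owner%%:*} gid=${owner##*:}
    cur_uid=$(id -u "$APP_USER") cur_gid=$(id -g "$APP_USER")
    case "$(decide "$cur_uid" "$cur_gid" "$uid" "$gid")" in
        keep) ;;
        refuse)
            echo "$APP_DIR is owned by $owner; refusing to remap $APP_USER" >&2
            exit 1 ;;
        remap*)
            # Only touch the id that actually differs.
            [ "$cur_gid" -eq "$gid" ] || groupmod -g "$gid" "$(id -gn "$APP_USER")"
            [ "$cur_uid" -eq "$uid" ] || usermod -u "$uid" "$APP_USER" ;;
    esac
    exec "$@"                    # e.g. /sbin/my_init, passed as CMD
}

# Run only when invoked under the entrypoint name, so the functions above
# can be sourced or tested without modifying any account.
case "$0" in
    */match-mount-owner) main "$@" ;;
esac
```
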
