Docker data-only container permissions

Question

I'm developing PHP app and I'm stuck with Docker volumes. I've tried to create a separate data-only container for my PHP app but couldn't make it work because of permission issues... I've googled and read all I could and the most close to working solution is described here

But it's a bit old and I couldn't make it work too.

I've created a repo with a simple test code: https://github.com/oleynikd/docker-volumes-permissions/

This simple project uses docker-compose to run 2 containers:

1. For php fpm
2. For nginx

The php code is mapped to php container and lives in /src directory.

The main problem is that PHP has no rights to write to code's directory because it runs as www-data user but code's directory belongs to user with id 1000 and group staff .

After running docker-compose up and visiting /index.php you'll see the warning and ls -lah output that shows the permission issue. Here's the screenshot:

I've tried to fix this by adding RUN mkdir -p /src && chown -R www-data:www-data /src to php Dockerfile but that didn't helped.

So questions are:

1. Why the owner and the group of /src is 1000:staff?
2. How to fix this?

I'm sure the solution is simple but I can't find it. Please help!

PS Feel free to contribute to repo if you know how to fix this issue.

Answer 1

The owner of the files is 1000:staff because 1000:1000 is the uid:gid of the owner of the files on the host machine.

You could avoid it using volumes without specifying the path of the files on the host machine and adding the files with a COPY instruction in the dockerfile. But maybe you need to easily access to theses files on the host?

For development environments (and development environment only), I use a hacky solution that I described in this answer to manage it.