Automatically changing the docker container file permissions in a directory in Linux

Question

We have a docker container running in Linux VMs. This container is writing the logs inside a directory in the container.

Container log directory - /opt/log/

This directory in volume mounted to host machine so that all the log files will also be available in host.

Host directory - /var/log/

Here we see container is creating the log files with 600 (-rw-------+) permission. There is no group read permission assigned to these files.

Same permissions are reflecting in host directory also. We need to add group read permission (640) (-rw-r-----+) automatically for all the files getting created in this directory so that other logging agents can read these files.

I have tried setting ACL also for adding this permission on host but these permissions are not getting set for the files inside this directory.

setfacl -Rdm g::r-- /var/log/

Is there a way we can add group read permission automatically for all the files getting created in this host directory?

Answer 1

From the following article,

https://dille.name/blog/2018/07/16/handling-file-permissions-when-writing-to-volumes-from-docker-containers/

There is a parameter to set the user id and the group id for example,
docker run -it --rm --volume $(pwd):/source --workdir /source --user $(id -u):$(id -g) ubuntu

To set the permissions of the user, when starting the container.