Is it possible to have a mount and a volume in the same container? I have been trying to setup a mount and a volume using different paths but I am having trouble with getting the correct permission sets.
My docker file:
FROM node:16-alpine
RUN apk add dumb-init
RUN addgroup appgroup && adduser -S appuser -G appgroup
RUN mkdir -p /app/logs
WORKDIR /app/
COPY package*.json ./
RUN npm install
COPY . /app
RUN chown -R appuser:appgroup /app/
USER appuser
docker-compose.yml
version: "3.8"
services:
my-service:
user: "1000"
container_name: demou
build:
context: .
image: "my-service"
working_dir: /app/
ports:
- 80:80
environment:
- NODE_VERSION=16
volumes:
- ~/logs:/app/logs/:rw
- other:/app/other/:rw
command: sh -c "dumb-init node src/server.js"
networks:
- Snet
volumes:
other:
name: "other"
networks:
Snet:
name: "Snetwork"
If I keep user: "1000"
in the docker-compose file, the mount works and I can see the files but the volume fails and I get permission denied when attempting to write to app/other as specified in the volume declaration. Removing user: "1000"
resolves the volume permission but causes the mount to fail with permission denied.
using docker exec, I can see the following permissions with the user: "1000"
drwxr-xr-x 1 appuser appgroup 4096 Nov 15 15:08 .
drwxr-xr-x 1 root root 4096 Nov 15 15:08 ..
drwxrwxr-x 2 node node 4096 Nov 15 15:08 logs
drwxr-xr-x 1 appuser appgroup 4096 Nov 15 15:08 node_modules
drwxr-xr-x 2 root root 4096 Nov 15 15:08 other
-rw-rw-r-- 1 appuser appgroup 31394 Nov 15 11:55 package-lock.json
-rw-rw-r-- 1 appuser appgroup 274 Nov 15 11:55 package.json
drwxrwxr-x 1 appuser appgroup 4096 Nov 13 13:56 src
Also, why is logs directory owned by node:node? I haven't setup any node user or group.
My OS/docker host details:
Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal
Thanks
~/logs:/app/logs/:rw
The directory ~/logs
must be granted rw to 1000:1000 (appuser:appgroup) because this is an existing directory on the host.
other:/app/other/:rw
Named volume is created by docker on the host which is owned by root
(except rootless mode). Add the following instruction to your Dockerfile to retain the permission after docker created the named volume and mount to your container:
RUN mkdir -p /app/other
...
VOLUME /app/other
why is logs directory owned by node:node?
This user:group was created in the base image node:16-alpine.
Other method to resolve similar issue like this if it suits your need.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.