File permissions for mounted volumes in docker

Question

Currently using WSL2 ubuntu with docker-desktop for windows with WSL integration.

docker-compose.yml file

version: '3.9'
services:

  wordpress:
    # default port 9000 (FastCGI)
    image: wordpress:6.1.1-fpm
    container_name: wp-wordpress
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    depends_on:
      - database
    volumes:
      - ${WORDPRESS_LOCAL_HOME}:/var/www/html
      - ${WORDPRESS_UPLOADS_CONFIG}:/usr/local/etc/php/conf.d/uploads.ini
      # - /path/to/repo/myTheme/:/var/www/html/wp-content/themes/myTheme
    environment:
      - WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
      - WORDPRESS_DB_NAME=${WORDPRESS_DB_NAME}
      - WORDPRESS_DB_USER=${WORDPRESS_DB_USER}
      - WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD}

  database:
    # default port 3306
    image: mysql:latest
    container_name: wp-database
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - ${MYSQL_LOCAL_HOME}:/var/lib/mysql
    command:
      - '--default-authentication-plugin=mysql_native_password'

  nginx:
    # default ports 80, 443 - expose mapping as needed to host
    image: nginx:latest
    container_name: wp-nginx
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    depends_on:
      - wordpress
    ports:
      - 8080:80    # http
      - 8443:443   # https
    volumes:
      - ${WORDPRESS_LOCAL_HOME}:/var/www/html
      - ${NGINX_CONF}:/etc/nginx/conf.d/default.conf
      - ${NGINX_SSL_CERTS}:/etc/nginx/certs
      - ${NGINX_LOGS}:/var/log/nginx
      
  adminer:
    # default port 8080
    image: adminer:latest
    container_name: wp-adminer
    restart: unless-stopped
    networks:
      - wordpress
    depends_on:
      - database
    ports:
      - "9000:8080"
networks:
  wordpress:
    name: wp-wordpress
    driver: bridge

I'm just starting out with development using docker. The file on the local storage(in the Linux file system) was initially owned by www-data so I changed it to my linux username using sudo chown -R username:username wordpress/ because it wasn't writeable. But doing this doesn't allow me to upload files(from wordpress interface) or write to files inside the nginx container unless the ownership is changed back to www-data:www-data.

Things I've tried:

1. Starting a bash session inside the nginx container with docker exec -it <cname> bash and changing the ownership of the uploads directory and writing files to my username.(after adding user with adduser username )
2. Changing the nginx user within the bash session to my username using user username username

I don't know what else to try except sudo chmod -R a+rwx in the main directory.

default.conf:

# default.conf
# redirect to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name wordpress-docker.test;
    location / {
        # update port as needed for host mapped https
        rewrite ^ https://wordpress-docker.test:8443$request_uri? permanent;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name wordpress-docker.test;
    index index.php index.html index.htm;
    root /var/www/html;
    server_tokens off;
    client_max_body_size 75M;

    # update ssl files as required by your deployment
    ssl_certificate     /etc/nginx/certs/localhost+2.pem;
    ssl_certificate_key /etc/nginx/certs/localhost+2-key.pem;

    # logging
    access_log /var/log/nginx/wordpress.access.log;
    error_log  /var/log/nginx/wordpress.error.log;

    # some security headers ( optional )
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off; access_log off;
    }

    location = /favicon.svg {
        log_not_found off; access_log off;
    }

    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }

    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}

Folder struct:

    |-config
    |--uploads.ini
    |-dbdata
    |-logs
    |-nginx
    |--certs
    |--default.conf
    |-wordpress
    |-.env
    |-docker-compose.yml

Answer 1

Refering to this answer, this is how I resolved my issue:

1. Add your user to the www-data group

   sudo usermod -a -G www-data username

2. Give rw permissions to the www-data group(f flag applies the permissions only to files and leaves the directories)

   sudo find wordpress -type f -exec chmod g+rw {} +