
Docker container write permissions

Tags: docker

I have some Docker containers running on my machine, one of them being container_1.

I am able to access container_1's CLI using:

ant@ant~/D/m/l/db> docker exec -it container_1 bash
daemon@1997cc093b24:/$

This allows me to go to container_1's CLI but with no write permissions. The following commands give a permission denied error:

ant@ant~/D/m/l/db> docker exec -it container_1 touch test.txt
bash: test.txt: Permission denied
ant@ant~/D/m/l/db>docker exec -it container_1 bash
daemon@1997cc093b24:/$ touch test.txt
bash: test.txt: Permission denied

I also tried using the --privileged option, but the problem persisted:

ant@ant~/D/m/l/db> docker --previleged=true exec -it container_1 touch test.txt
bash: test.txt: Permission denied

So I have 2 questions:

  1. How do permissions in Docker work?
  2. Is this kind of modification to a Docker filesystem recommended? If not, why?

I have recently started using Docker. Please tolerate the amateur question. Thanks in advance :)

ant_1618 asked Feb 13 '17 22:02


1 Answer

Docker runs commands as a Linux user which is bound to Linux filesystem permissions. So the answer to this question depends on:

  1. The uid you are running commands as (this defaults to root, but can be overridden in your image with a USER command in the Dockerfile, or on the docker run CLI, or within your docker-compose.yml file).

  2. The location where your command runs since you are using a relative path. This will default to /, but again can be overridden by changing the working directory in various ways, most often with the WORKDIR within the Dockerfile.

  3. The directory and file permissions at that location.

Use ls -al inside the container to see the current permissions. Use id to see the current uid. With docker exec you can pass a flag to change the current user. And to change permissions, you can use chmod to change the permissions themselves, chown to change the user ownership, and chgrp to change the group ownership. e.g.:

docker exec -u root container_1 chmod 777 .

That command will allow any user to read or write to the current folder inside the container by running as the root user.

This assumes you haven't enabled any other security with SELinux or AppArmor.

BMitch answered Sep 22 '22 14:09
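
The three factors the answer lists (uid, location, directory permissions) can be combined into one check. The following is an added example, not part of the original answer; the function names `explain_write` and `explain_dir` are hypothetical and the sample uid/gid/mode values are constructed. It shows which permission class decides the outcome, and that changing ownership to the container user grants the write without opening the directory to every uid.

```shell
#!/bin/sh
# Added example: which permission class decides whether a uid may create a
# file in a directory. Models plain mode bits only; ACLs, SELinux/AppArmor,
# read-only mounts and dropped capabilities are not considered.

# explain_write UID "GIDS" DIR_OWNER_UID DIR_OWNER_GID DIR_OCTAL_MODE
# Echoes root-override, <class>-ok or denied-<class>.
explain_write() {
    uid=$1 gids=$2 o_uid=$3 o_gid=$4
    perms=$((0$5))                      # parse the mode as octal
    # uid 0 normally keeps CAP_DAC_OVERRIDE, so mode bits are bypassed
    if [ "$uid" -eq 0 ]; then echo root-override; return 0; fi
    # Exactly one class applies: owner, else group, else other
    if [ "$uid" -eq "$o_uid" ]; then
        class=owner bits=$(( (perms >> 6) & 7 ))
    else
        class=other bits=$(( perms & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$o_gid" ]; then
                class=group bits=$(( (perms >> 3) & 7 ))
                break
            fi
        done
    fi
    # Creating an entry needs write (2) and search (1) on the directory
    if [ $(( bits & 3 )) -eq 3 ]; then echo "$class-ok"; else echo "denied-$class"; fi
}

# Feed live values for a directory (GNU or BusyBox stat assumed)
explain_dir() {
    # shellcheck disable=SC2046
    explain_write "$(id -u)" "$(id -G)" $(stat -c '%u %g %a' "$1")
}

# Constructed cases: uid 1/gid 1 stands in for the "daemon" user
explain_write 1 "1" 0 0 755   # denied-other: / owned by root, mode 755
explain_write 1 "1" 0 0 777   # other-ok: after chmod 777
explain_write 1 "1" 1 1 755   # owner-ok: after chown to uid 1 instead
explain_write 0 "0" 1 1 500   # root-override
```

Inside a container, `explain_dir .` reports the class that applies to the current user and working directory.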