Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Docker container write permissions

Tags:

docker

I have some docker containers running on my machine, one of them being container_1

I am able to access container_1's cli using 

ant@ant~/D/m/l/db> docker exec -it container_1 bash
daemon@1997cc093b24:/$

This allows me to go to container_1's cli but with no write permissions. The following commands give a permission denied error

ant@ant~/D/m/l/db> docker exec -it container_1 touch test.txt
bash: test.txt: Permission denied
ant@ant~/D/m/l/db>docker exec -it container_1 bash
daemon@1997cc093b24:/$ touch test.txt
bash: test.txt: Permission denied

Also tried using --previleged option but the problem persisted

ant@ant~/D/m/l/db> docker --previleged=true exec -it container_1 touch test.txt
bash: test.txt: Permission denied

So I have 2 questions

  1. How do permissions in docker work?
  2. Is this kind of modification to a docker filesystem recommended? If not why?

I have recently started using docker. Please tolorate the amature question. Thanks in advance :)

like image 359
ant_1618 Avatar asked Feb 13 '17 22:02

ant_1618

1 Answers

Docker runs commands as a linux user which is bound to linux filesystem permissions. So the answer to this question depends on:

  1. The uid you are running commands as (this defaults to root, but can be overridden in your image with a USER command in the Dockerfile, or on the docker run cli, or within your docker-compose.yml file).

  2. The location where your command runs since you are using a relative path. This will default to /, but again can be overridden by changing the working directory in various ways, most often with the WORKDIR within the Dockerfile.

  3. The directory and file permissions at that location.

Use ls -al inside the container to see the current permissions. Use id to see the current uid. With docker exec you can pass a flag to change the current user. And to change permissions, you can use chmod to change the permissions themselves, chown to change the user ownership, and chgrp to change the group ownership. e.g.:

docker exec -u root container_1 chmod 777 .

That command will allow any user to read or write to the current folder inside the container by running as the root user.

This assumes you haven't enabled any other security with SE Linux or AppArmor.

like image 138
BMitch Avatar answered Sep 22 '22 14:09

BMitch
Sign in to Comment

Related questions

Supervisor & Docker: How to exit Supervisor if a service doesn't start?
"Docker-compose up" does not pull images everytime , it recreates a pulled image
Can a docker image use executable from the host?
List volumes of Docker container
How can I grab exposed port from inspecting docker container?
Volume changes not persistent after "docker-compose run" command (Django's collectstatic)
docker start a container after stopping
How to install gdbserver package on Alpine Docker image?
Stand up select services with docker-compose
pass parameters to docker entrypoint
How to echo environment variables in Docker
Why does pushing to private, secured docker registry fail?
Running linux container on docker windows
data lost while restarting postgres with docker
Docker error on Windows 2016 "Client.Timeout exceeded while awaiting headers"
Start a service inside docker CentOS 7 container
Cannot Install R Packages in Docker Image
Docker container can't connect to host application using IP whitelist
What's a safe minimum disk size for a production Kubernetes node?
Docker Remote API filters: filter out network by name

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!