 

How do you manage permissions when developing in a Docker container?

When developing in a Docker container on Linux, there is a problem with permissions: how to manage file ownership and permissions between the host and the container.

Imagine that I have a Docker image that runs Ubuntu and an Apache server. Using the default settings for (recent versions of) Apache, the document root will be /var/www/html and Apache will be run as the www-data user.

In order to do some development, I expose the document root via Docker with -v /path/to/my/files:/var/www/html. And this is where the problem arises:

The files in /path/to/my/files are owned by the container's www-data user. If I'm lucky and my host has a www-data user, it will be that user; otherwise, it will be a distinct user local to the container. The permissions on those files will (probably) be 0755.

So, when I'm working away as myself (a user called jsmith), those files cannot be edited by me because of incorrect file permissions & ownership.

  • I could change the ownership of the files to jsmith, but that will cause problems with Apache - it will have difficulty accessing files in the document root.

  • I could change the permissions to 0777, but any new files I create in the course of my work will be owned by jsmith.

The end result is that it is necessary to constantly adjust ownership & permissions on the development files. Other people must have this problem, but every post I've seen on the topic of using Docker in a development workflow just kind of overlooks this problem.

I do have a solution, but I'm not entirely happy with it:

  • I set up a folder at /src/myproject. This holds my development files and is owned by www-data:www-data.

  • Using BindFS, I mount /src/myproject at ~/myproject, mapping www-data:www-data to jsmith:jsmith. This allows me to edit files in ~/myproject without messing around with permissions.

  • The Apache Docker container mounts the /src/myproject directory with -v /src/myproject:/var/www/html. Apache sees the www-data ownership of the files and has no problems.

This works well, but seems overly complicated. How do other people solve this problem?

Kryten asked Sep 23 '15 19:09


1 Answer

I realize I'm very likely too late but this might be of help to someone.

In your Dockerfile, you could do this:

RUN usermod -u 1000 www-data
RUN groupmod -g 1000 www-data

This may work in some setups.

schoel answered Oct 16 '22 16:10
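A pre-mount check for the approach in the answer above, as an added example that is not part of the original question or answer: it confirms that everything under the host directory is owned by the UID/GID that www-data is remapped to (1000 in the answer) and reports world-writable entries such as those left behind by the 0777 workaround the question mentions. The function name `audit_docroot` is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original page.
# audit_docroot DIR UID GID   (hypothetical helper)
#   DIR      host directory that will be bind-mounted as the document root
#   UID/GID  numeric ids www-data has in the image after usermod/groupmod
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad input.
audit_docroot() {
    dir=$1
    want_uid=$2
    want_gid=$3

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for n in "$want_uid" "$want_gid"; do
        case $n in
            ''|*[!0-9]*) echo "uid and gid must be numeric" >&2; return 2 ;;
        esac
    done

    findings=$(
        # Entries the container's www-data would not own, so Apache (or
        # the developer with the same UID on the host) may be locked out.
        find "$dir" \( ! -user "$want_uid" -o ! -group "$want_gid" \) \
            -exec printf 'OWNER %s\n' {} +
        # World-writable entries: any local account, and any process in
        # any container sharing the mount, can modify served content.
        # Symlinks are skipped because their mode bits are not enforced.
        find "$dir" ! -type l -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} +
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example call, using the path from the question and the ids from the answer:
#   audit_docroot /path/to/my/files 1000 1000
```

Run it before `docker run -v ...`; a non-zero return means the ownership remap and the host files disagree, or that a permissive mode is still in place.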