symfony docker permission problems for cache files

Question

I have a symfony setup for docker with docker-compose which is working well except when i run cache:clear from console, the webserver cant access the files.

I can circumvent the permission problem by uncommenting umask(0000); in console and web/app_dev.php but i would like to run symfony as recommended.

What i do is spin up the containers docker-compose up
Then i enter the container. The container contains the apache, php and the code via a data volume.

docker exec -i -t apache_1 /bin/bash

Apparently i am logged in as root then and when i run

app/console cache:clear

all files in cache belong to user root. www-data as webserver user now cant access the files anymore.

I also can circumvent this by logging in as www-data then the files generated by the cache:clear belong to www-data and the webserver can access them.

docker exec -u www-data -i -t apache_1 /bin/bash

But this has the downside that i dont land in bash but in /usr/sbin/nologin and dont have things like bash_history and so on.

Searching around i found this as part of the Dockerfile to solve the permission issue but it as no effect for me.

RUN usermod -u 1000 www-data

If i understand correct this switches the user 1000 to www-data, but as i am root when i login to the container this does not work, i assume.

So why am i root when i login to the container and how is this usermod suppose to work?

the docker-compose.yml:

proxy:
  image: jwilder/nginx-proxy:latest
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
  ports:
    - "80:80"
elastic:
  build: docker/elasticsearch
  ports:
    - "9200:9200"
  volumes:
    - data/elasticsearch:/usr/local/elasticsearch/data
apache:
  build: docker/apachephp
  environment:
    - VIRTUAL_HOST=myapp.dev
  volumes:
    - ./code:/var/www/app
    - ./dotfiles/.bash_history:/.bash_history
    - ./logs:/var/www/app/app/logs
  links:
    - elastic
  expose:
    - "80"

Answer 1

I'd think changing www-datas userid to your host-user's id is a good solution, as permissions for the host user are fairly easy to setup.

#change www-data`s UID inside a Dockerfile
RUN usermod -u [USERID] www-data 

user id 1000 is the default for most linux systems afaik... 501 on mac
you can run id -u on the host system to find out.

You could then log into the container to run symfony commands as www-data

docker exec -it -u www-data [CONTAINER] bash

I was wondering how you could set the userid dynamically on container build. I guess passing it via --build-arg to docker-compose would be the way

docker-compose build --build-arg USERID=$(id -u)

...but haven't managed to access that var in the Dockerfile yet.