
What does 'rw' mean when bind mounting a directory

When starting a container and specifying a volume, you can optionally append a third field that's a comma-separated list of options like rw.

docker run -v /some-host/path:/some-container/path:rw

These same options are applicable in the docker-compose.yml:

services:
  myService:
    image: some/image
    volumes:
      - /some-host/path:/some-container/path:rw

I thought that specifying rw would mean that the container would be able to read from and write to that directory (regardless of user). Contrary to my belief, when the host directory doesn't exist, docker creates it as drwxr-xr-x 2 root root no matter what I specify. The application in the container is not running on root though, so it tries to write to the mounted drive and gets Permission denied.

I've dug through the docker documents, even found this GitHub issue describing the same issue, but can't find anything definitive that explains expected behavior.

So what exactly does rw (read/write) mean when specified as a third option for bind mounted directories?

bflemi3 asked Oct 16 '22 09:10


1 Answer

As DavidMaze says in the comments:

in the same way that / on your host is mounted read-write but isn’t world-writable on every file; if it were mounted read-only nobody could write any file.

And the docs:

If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode.

And:

If you supply an absolute path for the host-dir, Docker bind-mounts to the path you specify.

The directory is "mounted" as rw by default. So keep in mind that to write in a directory an rw mount is not enough; you also need file permissions on it. On the other hand, having full file permissions is not enough if the directory is mounted as read-only. Think of it as two layers of permissions.

Also:

There is clear value in the ability to make bind mounts read-only, though. Containers are one example: an administrator may wish to create a container in which processes may be running as root. It may be useful for that container to have access to filesystems on the host, but the container should not necessarily have write access to those filesystems.

Robert answered Nov 15 '22 07:11
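
The two layers described in the answer above, written as a pre-flight check (an added example, not code from the thread or from Docker). The function names are hypothetical, and the check assumes Linux host paths and models only the mount flag and the classic mode bits, ignoring ACLs, SELinux labels and user-namespace remapping.

```python
import os
import stat
import tempfile

def parse_volume(spec):
    """Split 'host:container[:opts]' (Linux paths assumed) into its fields."""
    parts = spec.split(":")
    if len(parts) not in (2, 3):
        raise ValueError(f"unsupported volume spec: {spec!r}")
    opts = set(parts[2].split(",")) if len(parts) == 3 else set()
    return parts[0], parts[1], opts

def mode_allows_write(st, uid, gids=()):
    """Layer 2: owner/group/other bits; creating files in a dir needs w and x."""
    if uid == 0:
        return True  # root normally bypasses mode bits (CAP_DAC_OVERRIDE)
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & 0o3 == 0o3

def can_write(spec, uid, gids=()):
    """Return (allowed, reason) for a container process running as uid/gids."""
    host, _container, opts = parse_volume(spec)
    if "ro" in opts:  # Layer 1: the mount flag; no opts means rw
        return False, "mount is read-only"
    st = os.stat(host)
    if not mode_allows_write(st, uid, gids):
        mode = stat.S_IMODE(st.st_mode)
        return False, f"mode {mode:o} owned by {st.st_uid}:{st.st_gid} denies uid {uid}"
    return True, "rw mount and mode bits both allow the write"

if __name__ == "__main__":
    # Constructed sample: a temp dir stands in for the host path, set to the
    # drwxr-xr-x mode from the question; 'other' is a uid that does not own it.
    host_dir = tempfile.mkdtemp()
    os.chmod(host_dir, 0o755)
    other = os.stat(host_dir).st_uid + 1
    for opts in (":rw", ":ro", ""):
        print(opts or "(none)", can_write(f"{host_dir}:/data{opts}", other))
```

With the 755 directory from the question, a non-owner uid is denied under both `:rw` and `:ro`, for different reasons: the first by the mode bits, the second by the mount flag.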