Skip to content
/ docker-volume-permissions Public

An example on how to avoid volume permissions problems with docker (compose) with a user, without root

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gmolveau/docker-volume-permissions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
app
app
 
 
files
files
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
compose.yml
compose.yml
 
 
entrypoint.sh
entrypoint.sh
 
 
matchown.sh
matchown.sh
 
 

Repository files navigation

docker-volume-permissions

An example on how to avoid volume permissions problems with docker (compose) with a user without root privileges

This example solves this problem with a custom entrypoint, that reads env variables to change the UID and GID of the current user of the docker container to match the desired ones (usually the current user of the host).

Take into consideration that with this solution, the container initially starts as root, but the entrypoint then switches to another user to run your command.

It is possible to use another method using the setuid bit of the script, but it has some caveats (eg. impossible to restart a container because the setuid can only be used once - so only useful for ephemeral containers).

Please note that the $UID and $GID are shell variables, not environment variables. It is not possible to use them directly in the docker compose file. So if you want to dynamically get the $UID and $GID of the current user, a script (or a makefile) can be used to set those env variables dynamically.

For example : PUID=$(id -u) PGID=$(id -g) docker compose up -d.

Try it

docker compose build --no-cache

PUID=$(id -u) PGID=$(id -g) docker compose up
# or
make run
# notice that a `ok.txt` file has been created with the correct permissions in the `data` folder
docker compose down
docker image rm vol:test

Other solutions

  • use named volumes, not bind-hosted
  • use a S3 storage (eg. minio)
  • use s6-overlay with s6-setuidgid

Sources and inspirations

About

An example on how to avoid volume permissions problems with docker (compose) with a user, without root

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages