I have a docker image which runs tomcat. Whenever I deploy a detached container and log in to the container using docker exec, I usually get logged in by default as root. However, whenever I try commands like mount/umount, the container shell keeps returning an error saying must be superuser.
What is this error and how do I fix it?
Even as root, the set of things you can do inside a Docker container is limited. There's some discussion of this under "Runtime privilege and Linux capabilities" in the docker run documentation. Among the things you can't do in a container without additional configuration is mount(8) additional filesystems.
In general, though, it's not good Docker practice to docker exec into containers and start making changes. You usually want to set things up so that you can run a single docker run (or docker-compose up) command, and everything is automatically configured for you. This is especially important when you start looking at things like restart policies or clustered environments like Docker Swarm or Kubernetes: manually tweaking things after startup doesn't work well when you have multiple copies of a container, potentially on different hosts, that might restart on their own.
Docker has some built-in support for managing filesystems in the container and it's better to use that:
If you're trying to mount --bind a host directory for things like publishing logs out, Docker has its own bind mount system, so you can:
docker run -v $PWD/host/directory/path:/container/path ...
If you're trying to mount a physical device for external storage, you can mount(8) it on the host and then bind-mount it into the container as above.
Or, you can manually configure a Docker named volume to mount a physical device. The docker volume create command takes extended options that let you manually specify most of the mount options, so you can:
docker volume create disk --driver local --opt device=/dev/sdX
docker run -v disk:/container/path ...
If you need to unmount a volume, stop the container, delete it, and re-run it with one fewer -v option. (Stopping and recreating containers for config changes like this is extremely routine.)
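To see why root inside the container still gets "must be superuser", the following added example (not part of the original answer) tests a process's effective capability mask for CAP_SYS_ADMIN, which mount(2) requires. The function names and the two sample masks are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check an effective capability mask for CAP_SYS_ADMIN,
# which the kernel requires for mount(2) regardless of UID.

CAP_SYS_ADMIN=21   # bit number from <linux/capability.h>

# has_cap MASK_HEX BIT: succeeds if BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capeff_of STATUS_FILE: print the CapEff mask from a /proc/<pid>/status file.
capeff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# mount_verdict MASK_HEX: report whether the capability check for mount passes.
mount_verdict() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "CAP_SYS_ADMIN present: capability check for mount passes"
    else
        echo "CAP_SYS_ADMIN missing: mount is refused even for uid 0"
    fi
}

# Constructed sample masks (assumptions, not taken from the question):
DEFAULT_CONTAINER_MASK=00000000a80425fb   # typical of Docker's default capability set
FULL_ROOT_MASK=000001ffffffffff           # all capability bits 0-40 set, as for host root

echo "default container: $(mount_verdict "$DEFAULT_CONTAINER_MASK")"
echo "host root:         $(mount_verdict "$FULL_ROOT_MASK")"

# Live check of the current shell, for example one opened with docker exec.
if [ -r "/proc/$$/status" ]; then
    live_mask=$(capeff_of "/proc/$$/status")
    if [ -n "$live_mask" ]; then
        echo "this shell (uid $(id -u), CapEff $live_mask): $(mount_verdict "$live_mask")"
    fi
fi
```

Even when the capability is present, seccomp or AppArmor profiles can still refuse the mount; this script only covers the capability check.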