Search code examples
docker-composedockerfilesilverstripe-4

Sort out docker container permission when running silverstripe dev/build


I have created a fresh SilverStripe project using composer and I'm wanting to have my containers up and running via docker-compose up.

I have written a very basic Dockerfile:

FROM brettt89/silverstripe-web:7.4-apache

ENV DOCUMENT_ROOT /var/www/html/public
COPY . $DOCUMENT_ROOT
WORKDIR $DOCUMENT_ROOT
RUN chown www-data:www-data $DOCUMENT_ROOT
USER www-data

as well as a simple compose yaml file which specifies almost all the required services for it to work. here's what it looks like:

version: "3.8"
services:
   silverstripe:
      build:
         context: .
      volumes:
         - .:/var/www/html
      depends_on:
         - database
      environment:
         - DOCUMENT_ROOT=/var/www/html/public
         - SS_TRUSTED_PROXY_IPS=*
         - SS_ENVIRONMENT_TYPE=dev
         - SS_DATABASE_SERVER=database
         - SS_DATABASE_NAME=SS_mysite
         - SS_DATABASE_USERNAME=root
         - SS_DATABASE_PASSWORD=
         - SS_DEFAULT_ADMIN_USERNAME=admin
         - SS_DEFAULT_ADMIN_PASSWORD=password
      ports:
        - 8088:80

   database:
      image: mysql:5.7
      environment:
         - MYSQL_ALLOW_EMPTY_PASSWORD=yes
      volumes:
         - db-data:/var/lib/mysql
volumes:
   db-data:

I can get my containers up and running. But when I go to 127.0.0.1:8080:/dev/build, It is raising the mkdir():permission denied warning.

I can see my files in the container have 1000:1000 ownership which I assume is still root?

So wondering how I can fix this. I have seen examples of setting up things such that containers could be created via docker build, but I just want to be able to run things via docker-compose up.

I am using Ubuntu-20.04 and project has been created by $USER.


Solution

  • The quickest trick to fix this, for setting up your local environment, is to change your user UID from 1000 to www-data using the usermod command:

    RUN usermod -u 1000 www-data
    

    then, of course, you can skip your last two lines.

    You can find more info here: https://blog.gougousis.net/file-permissions-the-painful-side-of-docker/