linuxdockerfiledocker-composepermissions

I want a directory accessible rwx both from the docker host and from within the container by default. How can I do this?


I had a user outside with a different name than the user inside. Both had the same UID and so I could write on "both sides of the wall" because file permissions had the same UID in & out of docker on a bind-mount volume.

It does not work anymore with the current versions of docker : outside the bind/mount directory belongs to myUser (UID=1000), and inside it belongs to root (UID=0).


Solution

  • I conducted a search to investigate recent changes in Docker's handling of file permissions and ownership for bind mounts but did not find specific information about any recent updates or changes made by Docker in this regard. To address this issue, I suggest try these several options:

    • Option 1: Standard solutions include hard-coding a UID in the Dockerfile. When building your Docker image, you can create a user inside the container with the same UID/GID as the host user and switch to this user. For example, add something like RUN adduser --uid 1000 myUser and USER myUser in your Dockerfile.
    • Option 2: Use user namespace remapping in Docker. This feature maps the container's user to a less-privileged user on the host, mitigating the risks associated with the container's root user.
    • Option 3: Adjust file permissions on the host to be more permissive, allowing the container's user to access them. However, this approach might have security implications.
    • Option 4: When creating the volume, set it up with the correct permissions that match the container's user.

    You can find useful information in this article:

    Permission problems in bind mount in Docker Volume