Wrong permissions in volume in Docker container
Solution 1
1) General idea: Docker it is not Vagrant. It is wrong to put two different services into one container! Split it into two different images and link them together. Don't do this shitty image.
Check and follow https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
- Avoid installing unnecessary packages
- Run only one process per container
- Minimize the number of layers
If you do it:
- you will remove your supervisor
- your can decrease numbers of layers
It should be something like (example):
FROM alpine
RUN apk add --update \
wget \
curl
RUN apk add --update \
php \
php-fpm \
php-pdo \
php-json \
php-openssl \
php-mysql \
php-pdo_mysql \
php-mcrypt \
php-ctype \
php-zlib
RUN usermod -u 1000 www-data
RUN rm -rf /var/cache/apk/*
EXPOSE 9000
For nginx it is enough to use default image and mount configs. docker-compose file like:
nginx:
image: nginx
container_name: site.dev
volumes:
- ./myconf1.conf:/etc/nginx/conf.d/myconf1.conf
- ./myconf2.conf:/etc/nginx/conf.d/myconf2.conf
- $PWD/cms:/srv/cms
ports:
- "80:80"
links:
- phpfpm
phpfpm:
build: ./phpfpm/
container_name: phpfpm.dev
command: php5-fpm -F --allow-to-run-as-root
volumes:
- $PWD/cms:/srv/cms
2)
Add RUN usermod -u 1000 www-data
into Dockerfile for php container, it will fix problem with permission.
Solution 2
For alpine version you need to use:
RUN apk add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data
rotespferd
Updated on July 12, 2022Comments
-
rotespferd almost 2 years
I run Docker 1.8.1 in OSX 10.11 via an local docker-machine VM.
I have the following docker-compose.yml:
web: build: docker/web ports: - 80:80 - 8080:8080 volumes: - $PWD/cms:/srv/cms
My Dockerfile looks like this:
FROM alpine # install nginx and php RUN apk add --update \ nginx \ php \ php-fpm \ php-pdo \ php-json \ php-openssl \ php-mysql \ php-pdo_mysql \ php-mcrypt \ php-ctype \ php-zlib \ supervisor \ wget \ curl \ && rm -rf /var/cache/apk/* RUN mkdir -p /etc/nginx && \ mkdir -p /etc/nginx/sites-enabled && \ mkdir -p /var/run/php-fpm && \ mkdir -p /var/log/supervisor && \ mkdir -p /srv/cms RUN rm /etc/nginx/nginx.conf ADD nginx.conf /etc/nginx/nginx.conf ADD thunder.conf /etc/nginx/sites-enabled/thunder.conf ADD nginx-supervisor.ini /etc/supervisor.d/nginx-supervisor.ini WORKDIR "/srv/cms" VOLUME "/srv/cms" EXPOSE 80 EXPOSE 8080 EXPOSE 22 CMD ["/usr/bin/supervisord"]
When I run everything with
docker-compose up
everything works fine, my volumes are mounted at the correct place.But the permissions in the mounted folder /srv/cms look wrong. The user is "1000" and the group is "50" in the container. The webserver could not create any files in this folder, because it runs with the user "root".
-
Jeff Kilbride almost 8 yearsAlpine doesn't support
usermod
out of the box. You need to install theshadow
package from thetesting
branch.