Docker – Feed data from read-only directory on host into container

I’m a relative novice to Docker, so please bear with me if the answer is obvious.

I’m trying to give my docker container access to a shared data directory on the host, which has specific group permissions and is read-only for the group of the intended user.

I’ve already tried `docker run -it -v /data:/data ubuntu /bin/bash` with the resulting error `docker: Error response from daemon: error while creating mount source path '/data': mkdir /data: permission denied.` So it’s clearly a permission issue.

    The gist I got looking around on google is that if you bind-mount a volume, you need to have read-write permission.
    So I’m looking for an alternative way, possibly with docker volume?

    The data directory is huge, so any kind of duplication is not feasible. Also, changing permissions is not possible.

    System info:

    docker Server Version: 17.03.1-ce

    Operating System: Ubuntu 16.04.2 LTS


    EDIT:

    So I finally figured it out after the helpful comment of @barat.

    The problem was that the exact directory I was trying to mount inside the container had the permissions set up in a way that only members of a specific group could read the contents. I tried everything from `docker run -u userwithaccess` and `docker run --privileged` to adding a user within the Dockerfile and specifically assigning the group in question to that user. Nothing worked.

    In the end the solution was relatively simple:

    The parent directory of my data directory had read access for everyone, i.e. also users which were not members of the group. So I was able to mount it without a problem.
    To reach the actual data, I did add the user in the Dockerfile to the group and made sure it had the same name and GID. Finally it was no problem to navigate into the data directory and read any file I wanted.

    So I’m not sure if the directory I tried to mount is just a special case, or if it’s generally not possible to mount a directory with specific group access.
    I found this workaround, but I would still have no solution if the directory I wanted would have been at /.

One Solution collected from the web for “Docker – Feed data from read-only directory on host into container”

    Try this:

    docker run -v /path/on/host:/path/on/container:ro my/image
    

    The default behaviour of bind mounting is rw, but you can switch this to read-only (:ro).
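
The workaround from the question's edit, combined with the `:ro` flag from the answer, as an added example that is not part of the original posts: it checks the permission bits described above and prints the `docker run` arguments for mounting the parent directory read-only. It assumes GNU `stat`, and it grants the GID at run time with `docker run --group-add` instead of the Dockerfile group setup the asker used; the function names and the sample path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils `stat -c` (as on the Ubuntu host in the question).

# Print one octal permission digit of a path: 2 = owner, 3 = group, 4 = other.
perm_digit() {
    printf '%04o' "0$(stat -c '%a' "$1")" | cut -c"$2"
}

# Print `docker run` arguments that bind-mount the PARENT of a group-restricted
# data directory read-only and give the container process the directory's GID.
# Exit status: 1 = not a directory, 2 = group lacks r-x, 3 = parent not world r-x.
parent_ro_mount_args() {
    data_dir=${1%/}
    [ -d "$data_dir" ] || { echo "not a directory: $1" >&2; return 1; }
    parent=$(dirname "$data_dir")
    gid=$(stat -c '%g' "$data_dir")

    # Directory access needs read (4) to list and execute (1) to traverse.
    if [ $(( $(perm_digit "$data_dir" 3) & 5 )) -ne 5 ]; then
        echo "GID $gid has no r-x on $data_dir" >&2; return 2
    fi
    if [ $(( $(perm_digit "$parent" 4) & 5 )) -ne 5 ]; then
        echo "$parent is not readable and traversable by everyone" >&2; return 3
    fi
    printf -- '-v %s:%s:ro --group-add %s\n' "$parent" "$parent" "$gid"
}

# Constructed usage (path and image are placeholders; paths must not contain spaces):
#   docker run --rm $(parent_ro_mount_args /srv/shared/data) my/image ls /srv/shared/data
```

The `:ro` suffix keeps the container from writing to the mount even if the process would otherwise have write permission on the host files.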
