How to handle permission inside a volume from docker?

I have a container running a PHP application and the php-fpm service can’t write the cache files inside an folder provided by a docker volume.

I gave 777 permissions on the folder I need to write, from the host machine, but it works just for a while. Files created by php-fpm doesn’t have necessary permissions.
Furthermore it’s not possible to change the owner and group with chown command.

  • Different hashes while pulling from hub and pushing to registry
  • A directory created in my web application running inside docker is missing
  • Cannot connect to the Docker daemon on Windows 7
  • Obtaining Docker public key.json file
  • Docker DNS not working
  • Docker centos7 image - unable to run apache
  • This is my docker-composer.yml file:

    web:
        image: eduardoleal/nginx
        external_links:
            - proxy
        links:
            - php:php
        container_name: "app-web"
        environment:
            VIRTUAL_HOST: web.app
        volumes_from:
            - data 
        volumes:
            - ./src/nginx-vhost.conf:/etc/nginx/sites-enabled/default
    php:
        image: eduardoleal/php56
        container_name: "app-web-php"
        volumes_from:
            - data
    data:
        container_name: "app-web-data" 
        image: phusion/baseimage
        volumes:
            - /Users/eduardo.leal/Code/vidaclass/web:/var/www/public
    

    I’m running docker on OSX with VirtualBox.

  • Deploying a Scalable Architecture of MEAN Stack on Google Compute Engine
  • How to setup nginx and django with docker-compose?
  • Docker - modifying IPTABLES for host from container
  • get IP address of node app running in docker container
  • Run script in background inside docker container from host
  • “I have no name!” as user logging into Jenkins in a docker container that uses Tini
  • 4 Solutions collect form web for “How to handle permission inside a volume from docker?”

    MacOS has some mounting problems because of the differences in user and group owning the file versus user and group modifying/reading the file. As a workaround, do the following (preferably using the latest version) of Docker,

    $ brew install docker-machine-nfs
    $ docker-machine start yourdockermachine
    $ docker-machine-nfs yourdockermachine --shared-folder=/Users --nfs-config="-alldirs -maproot=0"
    

    You can change the name of yourdockermachine as you like. Also, you have the ability to change the shared folder you want to map. The above option is the best bet and works in all cases. I would suggest not changing that so that you don’t mess around with system files.

    After the above setup, make sure you provide appropriate read, write, execute permissions to your files and folders.

    NOTE: Dependencies for above procedure are brew, docker-machine (or the complete docker toolbox for simplicity)

    UPDATE 1: Docker for Mac Beta is in private invite phase. It runs Docker natively on Mac on top of xhyve Hypervisor. It would mean, no more permission errors and improved performance.

    UPDATE 2: Docker for Mac is now in Public Beta. The underlying technology remains the same and the VM is completely managed by the Docker service. The version as of this writing is 1.12.0-rc2 which works seamlessly with OS X without any intervention of docker-machine.

    I had this problem too. Docker machine uses docker user and staff group on mounted volumes, which have UID=1000 and GID=50 respectively. You need to modify your php-fpm config and replace default user (I suppose it’s nobody), with username which have UID=1000 inside container. In case you don’t have such user, you’ll need to create such user. Do the same trick for group with GID=50. It’s very-very dirty hack, but I didn’t found better solution yet.

    If you are using MacOSx. you have to change permission of staff user (this user is created by docker). Default staff user only read permission. So webserver cannot write into your cache folder in docker container. You can do and see the picture below

    chmod -R 777 cache_folder on your mac.

    Hope this answer is useful for you

    enter image description here

    Anyway, you can also use docker-machine-nfs to fix this problem

    Add RUN usermod -u 1000 www-data somewhere before EXPOSE into Dockerfile for eduardoleal/php56 image, it will fix problem with permissions.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.