How to handle permission inside a volume from docker?

I have a container running a PHP application and the php-fpm service can’t write the cache files inside an folder provided by a docker volume.

I gave 777 permissions on the folder I need to write, from the host machine, but it works just for a while. Files created by php-fpm doesn’t have necessary permissions.
Furthermore it’s not possible to change the owner and group with chown command.

  • Cannot connect to wss://ip:5063 when deploy restcomm docker to public server
  • Docker-compose scale up Jetty with NGINX at runtime
  • what is the exact difference between YAML version 1 and YAML version 2?
  • how to assign a group of logical Linux interfaces to a Docker container?
  • Docker: Cannot locate specified Dockerfile error
  • Can Docker automatically add IP addresses to the host upon running container
  • This is my docker-composer.yml file:

    web:
        image: eduardoleal/nginx
        external_links:
            - proxy
        links:
            - php:php
        container_name: "app-web"
        environment:
            VIRTUAL_HOST: web.app
        volumes_from:
            - data 
        volumes:
            - ./src/nginx-vhost.conf:/etc/nginx/sites-enabled/default
    php:
        image: eduardoleal/php56
        container_name: "app-web-php"
        volumes_from:
            - data
    data:
        container_name: "app-web-data" 
        image: phusion/baseimage
        volumes:
            - /Users/eduardo.leal/Code/vidaclass/web:/var/www/public
    

    I’m running docker on OSX with VirtualBox.

  • gitlab docker ssh issue
  • How to change the access url of official phpmyadmin docker image to http://localhost/phpmyadmin?
  • Why it'll abort when I add `RUN ln -sf /dev/stderr /var/log/mysql/error.log` to mysql dockerfile?
  • Boot2Docker doesn't recognize “sudo”, “tce-load”
  • Why the “See It Work” section of the Docker https-portal gives me a “port 443: Connection refused” error?
  • How to restart container using container-id?
  • 4 Solutions collect form web for “How to handle permission inside a volume from docker?”

    MacOS has some mounting problems because of the differences in user and group owning the file versus user and group modifying/reading the file. As a workaround, do the following (preferably using the latest version) of Docker,

    $ brew install docker-machine-nfs
    $ docker-machine start yourdockermachine
    $ docker-machine-nfs yourdockermachine --shared-folder=/Users --nfs-config="-alldirs -maproot=0"
    

    You can change the name of yourdockermachine as you like. Also, you have the ability to change the shared folder you want to map. The above option is the best bet and works in all cases. I would suggest not changing that so that you don’t mess around with system files.

    After the above setup, make sure you provide appropriate read, write, execute permissions to your files and folders.

    NOTE: Dependencies for above procedure are brew, docker-machine (or the complete docker toolbox for simplicity)

    UPDATE 1: Docker for Mac Beta is in private invite phase. It runs Docker natively on Mac on top of xhyve Hypervisor. It would mean, no more permission errors and improved performance.

    UPDATE 2: Docker for Mac is now in Public Beta. The underlying technology remains the same and the VM is completely managed by the Docker service. The version as of this writing is 1.12.0-rc2 which works seamlessly with OS X without any intervention of docker-machine.

    I had this problem too. Docker machine uses docker user and staff group on mounted volumes, which have UID=1000 and GID=50 respectively. You need to modify your php-fpm config and replace default user (I suppose it’s nobody), with username which have UID=1000 inside container. In case you don’t have such user, you’ll need to create such user. Do the same trick for group with GID=50. It’s very-very dirty hack, but I didn’t found better solution yet.

    If you are using MacOSx. you have to change permission of staff user (this user is created by docker). Default staff user only read permission. So webserver cannot write into your cache folder in docker container. You can do and see the picture below

    chmod -R 777 cache_folder on your mac.

    Hope this answer is useful for you

    enter image description here

    Anyway, you can also use docker-machine-nfs to fix this problem

    Add RUN usermod -u 1000 www-data somewhere before EXPOSE into Dockerfile for eduardoleal/php56 image, it will fix problem with permissions.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.