How to handle permission inside a volume from docker?

I have a container running a PHP application and the php-fpm service can’t write the cache files inside an folder provided by a docker volume.

I gave 777 permissions on the folder I need to write, from the host machine, but it works just for a while. Files created by php-fpm doesn’t have necessary permissions.
Furthermore it’s not possible to change the owner and group with chown command.

  • Docker runs of “pip install” and “npm install” on same container overwriting each other
  • Azure Docker Container - how to pass startup commands to a docker run?
  • Minimizing Docker Images with apt-get build deps
  • Docker with cloudflare
  • Is it good practice to have my sites cert.key and cert.pem in a Nginx Docker container?
  • How to mount Docker container volumes to different path?
  • This is my docker-composer.yml file:

        image: eduardoleal/nginx
            - proxy
            - php:php
        container_name: "app-web"
            - data 
            - ./src/nginx-vhost.conf:/etc/nginx/sites-enabled/default
        image: eduardoleal/php56
        container_name: "app-web-php"
            - data
        container_name: "app-web-data" 
        image: phusion/baseimage
            - /Users/eduardo.leal/Code/vidaclass/web:/var/www/public

    I’m running docker on OSX with VirtualBox.

  • Environment variables with double asterisks in Dockerfile
  • Ngrok: Expose Database in Docker Container
  • Add Logtrail plugin to kibana to see the logs in kibana ui - openshift/origin-aggregated-logging
  • Docker Compose: Exposing Environment Variables to linked service
  • python creating directories and writing files inside docker container
  • Can't build a container from the Dockerfile
  • 4 Solutions collect form web for “How to handle permission inside a volume from docker?”

    MacOS has some mounting problems because of the differences in user and group owning the file versus user and group modifying/reading the file. As a workaround, do the following (preferably using the latest version) of Docker,

    $ brew install docker-machine-nfs
    $ docker-machine start yourdockermachine
    $ docker-machine-nfs yourdockermachine --shared-folder=/Users --nfs-config="-alldirs -maproot=0"

    You can change the name of yourdockermachine as you like. Also, you have the ability to change the shared folder you want to map. The above option is the best bet and works in all cases. I would suggest not changing that so that you don’t mess around with system files.

    After the above setup, make sure you provide appropriate read, write, execute permissions to your files and folders.

    NOTE: Dependencies for above procedure are brew, docker-machine (or the complete docker toolbox for simplicity)

    UPDATE 1: Docker for Mac Beta is in private invite phase. It runs Docker natively on Mac on top of xhyve Hypervisor. It would mean, no more permission errors and improved performance.

    UPDATE 2: Docker for Mac is now in Public Beta. The underlying technology remains the same and the VM is completely managed by the Docker service. The version as of this writing is 1.12.0-rc2 which works seamlessly with OS X without any intervention of docker-machine.

    I had this problem too. Docker machine uses docker user and staff group on mounted volumes, which have UID=1000 and GID=50 respectively. You need to modify your php-fpm config and replace default user (I suppose it’s nobody), with username which have UID=1000 inside container. In case you don’t have such user, you’ll need to create such user. Do the same trick for group with GID=50. It’s very-very dirty hack, but I didn’t found better solution yet.

    If you are using MacOSx. you have to change permission of staff user (this user is created by docker). Default staff user only read permission. So webserver cannot write into your cache folder in docker container. You can do and see the picture below

    chmod -R 777 cache_folder on your mac.

    Hope this answer is useful for you

    enter image description here

    Anyway, you can also use docker-machine-nfs to fix this problem

    Add RUN usermod -u 1000 www-data somewhere before EXPOSE into Dockerfile for eduardoleal/php56 image, it will fix problem with permissions.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.