How to read and write to mounted volume without running as root?

When mounting a volume with the following command:

docker run -t -i --volumes-from FOO BAR

the volumes from FOO are mounted with root as owner. I can’t read and write to that without running as root as far as I know. Must I run as root or is there some other way?

  • Docker: how to restart process inside of container?
  • Version increment for docker images
  • iptables rules break communication between Docker containers
  • nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) on docker
  • marathon instances are not running
  • SQL scripts inside /docker-entrypoint-initdb.d directory are not executed
  • I have tried by creating the folder with other owner before mounting but the mounting seems to overwrite that.


    Edit: A chown would work if it could be done automatically after the mounting somehow.

  • Brand new Ubuntu 14.04.2 Docker container + Nginx: connection refused on port 80
  • docker0 interface missing on osx
  • Why are Docker container images so large?
  • Docker /bin/bash: nodemon: command not found
  • Docker run - User group not working as expected?
  • Allow communication between two docker bridge networks using docker-compose
  • 2 Solutions collect form web for “How to read and write to mounted volume without running as root?”

    I’m not sure why you aren’t able to change your folder permissions in your source image. This works without issue in my lab:

    $ cat df.vf-uid
    FROM busybox
    
    RUN mkdir -p /data && echo "hello world" > /data/hello && chown -R 1000 /data
    
    $ docker build -f df.vf-uid -t test-vf-uid .
    ...
    Successfully built 41390b132940
    
    $ docker create --name test-vf-uid -v /data test-vf-uid
    e12df8f84a3b1f113ad5440b62552b40c4fd86f99eec44698af9163a7b960727
    
    $ docker run --volumes-from test-vf-uid -u 1000 -it --rm busybox /bin/sh
    / $ ls -al /data
    total 12
    drwxr-xr-x    2 1000     root          4096 Aug 22 11:44 .
    drwxr-xr-x   19 root     root          4096 Aug 22 11:45 ..
    -rw-r--r--    1 1000     root            12 Aug 22 11:43 hello
    / $ echo "success" >/data/world
    / $ ls -al /data
    total 16
    drwxr-xr-x    2 1000     root          4096 Aug 22 11:46 .
    drwxr-xr-x   19 root     root          4096 Aug 22 11:45 ..
    -rw-r--r--    1 1000     root            12 Aug 22 11:43 hello
    -rw-r--r--    1 1000     root             8 Aug 22 11:46 world
    / $ cat /data/hello /data/world
    hello world
    success
    / $ exit
    

    So, what I ended up doing was mounting the volume to another container and change the owner (using uid of the owner I wanted in the final setup) from that container. Apparently uid’s are uid’s regardless. This means that I can run without being root in the final container. Perhaps there are easier ways to do it but this seems to work at least. Something like this: (untested code clip from my final solution)

    docker run -v /opt/app --name Foo ubuntu /bin/bash
    docker run --rm --volumes-from Foo -v $(pwd):/FOO ubuntu bash -c "chown -R 9999 /opt/app"
    docker run -t -i --volumes-from FOO BAR
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.