Docker: setting local directories as non-root user in container
I've read quite a few threads on the internet on how best to mount local (project) directories in a Docker container so that directories are not owned by the user root
. Unfortunately, I haven't found an exact answer.
I am creating my development stack with this docker-compose.yml
( SfDocker ):
db:
image: mysql:latest
ports:
- "3306:3306"
environment:
MYSQL_ROOT_PASSWORD: symfonyrootpass
MYSQL_DATABASE: symfony
MYSQL_USER: symfony
MYSQL_PASSWORD: symfonypass
worker:
image: symfony/worker-dev
ports:
- "8080:80"
environment:
XDEBUG_HOST: 192.168.1.194
XDEBUG_PORT: 9000
XDEBUG_REMOTE_MODE: req
links:
- db
volumes:
- "var/nginx/:/var/log/nginx"
- symfony-code:/var/www/app
Volumes are set at runtime only after images have been generated. I added a new user RUN groupadd -r luqo33 && useradd -r -g luqo33 luqo33
to the image symfony/worker-dev
, but I was unable to chmod
mount volumes to own it luqo33:www-data
. I tried to do this:
-
Copying and running the command
entrypoint.sh
with the commandchmod
:COPY entrypoint.sh/entrypoint.sh RUN chmod + x / entrypoint.sh ENTRYPOINT ["/entrypoint.sh"]
The container starts and then closes for no apparent reason.
- Executing
CMD chown -R luqo33:www-data
when containers start - this won't work because at the time the container starts, theworker-dev
volumes don't seem to be set yet.
I was unable to set ownership of mounted directories to users other than root
. How can I achieve this?
source to share
You seem to be a little confused about how Docker works, especially regarding entrypoint and cmd scripts.
Any script specified in an ENTRYPOINT or CMD statement will be executed by the container at runtime. Once the script has finished, the container will exit. For this reason, you will need to run your chmod and run your application in your script.
If the current user is root, a script like the following should work fine in order to set permissions and run the application:
#!/bin/bash
chown -R luqo33:www-data /var/www/app
sudo -u luqo33 exec start-my-app-in-foreground-script-or-bin
There is a slight problem when creating sudo with two processes, so you can use gosu instead .
source to share