Clever Geek Handbook

Docker: setting local directories as non-root user in container

I've read quite a few threads on the internet on how best to mount local (project) directories in a Docker container so that directories are not owned by the user root

. Unfortunately, I haven't found an exact answer.

I am creating my development stack with this docker-compose.yml

( SfDocker ):

db:
    image: mysql:latest
    ports:
    - "3306:3306"
    environment:
        MYSQL_ROOT_PASSWORD: symfonyrootpass
        MYSQL_DATABASE: symfony
        MYSQL_USER: symfony
        MYSQL_PASSWORD: symfonypass
worker:
    image: symfony/worker-dev
    ports:
    - "8080:80"
    environment:
        XDEBUG_HOST: 192.168.1.194
        XDEBUG_PORT: 9000
        XDEBUG_REMOTE_MODE: req
    links:
    - db
    volumes:
    - "var/nginx/:/var/log/nginx"
    - symfony-code:/var/www/app

Volumes are set at runtime only after images have been generated. I added a new user RUN groupadd -r luqo33 && useradd -r -g luqo33 luqo33

to the image symfony/worker-dev

, but I was unable to chmod

mount volumes to own it luqo33:www-data

. I tried to do this:

  • Copying and running the command entrypoint.sh

    with the command chmod

    :

    COPY entrypoint.sh/entrypoint.sh RUN chmod + x / entrypoint.sh ENTRYPOINT ["/entrypoint.sh"]

The container starts and then closes for no apparent reason.

  1. Executing CMD chown -R luqo33:www-data

    when containers start - this won't work because at the time the container starts, the worker-dev

    volumes don't seem to be set yet.

I was unable to set ownership of mounted directories to users other than root

. How can I achieve this?

+3


source to share


1 answer


You seem to be a little confused about how Docker works, especially regarding entrypoint and cmd scripts.

Any script specified in an ENTRYPOINT or CMD statement will be executed by the container at runtime. Once the script has finished, the container will exit. For this reason, you will need to run your chmod and run your application in your script.

If the current user is root, a script like the following should work fine in order to set permissions and run the application:



#!/bin/bash

chown -R luqo33:www-data /var/www/app
sudo -u luqo33 exec start-my-app-in-foreground-script-or-bin

There is a slight problem when creating sudo with two processes, so you can use gosu instead .

+1


source






More articles:


All Articles