I’m using a bind mount to share files between my running container (using CentOS 8) and the host system (Windows 10). Every file appears as executable and cannot be changed with “chmod -x”.

Here’s what the mount looks like:

    {
        "Type": "bind",
        "Source": "/host_mnt/c/Users/dan/src",
        "Destination": "/home/dan/src",
        "Mode": "",
        "RW": true,
        "Propagation": "rprivate"
    },

Simple example from within Bash:

    ~/src$ touch new_file
    ~/src$ ls -l new_file
    -rwxr-xr-x 1 dan root 0 Oct 22 15:24 new_file
    ~/src$ [[ -x new_file ]] && echo executable
    executable

BTW, the behavior is slightly different on Mac. The mode bits aren’t affected (chmod works), but the shell and other programs still see all mounted files as executable. However, this unusual behavior goes away if I disable gRPC FUSE from the preferences. I don’t see an option to disable FUSE for Windows. Does anyone know if it’s possible?

Mac post: All files within bind mounts are considered executable (when using gRPC FUSE for file sharing)

Apparently this is a known issue: https://docs.docker.com/docker-for-windows/faqs/#can-i-change-permissions-on-shared-volumes-for-container-specific-deployment-requirements

Unfortunately, there don’t appear to be any plans to resolve it.

if you bind mount a host folder, the host folders filesystem is responsible for the permissions. In case of Windows the filesystem is usally NTFS, which does not provide unix file permissions. Docker would need to invent a “unix permisson mapping layer” that keeps track of the host files and the permission set in containers… The idea that Docker should be responsible to tackle limitations of NTFS doesn’t seem right to me. Practically it is up to Microsoft to add support for unix file permissions to NTFS. Once Microsoft added that, Docker will be able to implement their part to make use of it.

Since ages I use vagrant with Linux based boxes to work with Docker on Windows systems. I tried DDfW and immediatly got rid of it again. The user experience is broken compared to the user experience you have with Linux.

If you add

[automount]
options = "metadata"

to /etc/wsl.conf in your distro, then log out, stop WSL with

PS> wsl --shutdown

and open the Linux console again you should be able to use chmod.

Oh, so Microsoft actualy implemented such a layer? wow Thanks for sharing the insight, tekki!

Thanks for the reply. While it may not be up to Docker to solve the limitations of NTFS, it creates a poor user experience (which I suppose could be said of Windows in general ). Running Docker inside Linux (or on Mac) may be the best option right now.

Couldn’t agree more. Docker is a first class citizen on Linux and it knowns very well how to orchestrate it to provide a pleasend user experience. Everywhere else it seems more like a misserable compromise, caused by the lack of components it requires to work flawless.

If i’d be Docker, I would only have released a Linux version and nothing else… Either provide the full posh experience or none at all ^^