I have a container I am defining in a Dockerfile:
```dockerfile
FROM python:3.9-alpine
WORKDIR /usr/app/
COPY src/backend/ .
RUN apk add acl
RUN pip install -r requirements.txt
RUN adduser -D game wheel
RUN setfacl -Rdm u:game:rwx /usr/app/
RUN chown -hR game /usr/app/ && chown -hR game /var/log/
USER game
HEALTHCHECK CMD curl --fail http://localhost:5000 || exit 1
CMD [ "python", "./src/app.py" ]
```
The intention is to run the container as the ‘game’ user. The docker-compose file portion defining this service is this:
```yaml
server:
  container_name: "server"
  user: game
  build:
    context: .
    dockerfile: ./src/backend/Dockerfile
  volumes:
    - ./src/backend/:/usr/app
  ports:
    - 5000:5000
  depends_on:
    - redis
```
I am hitting a permissions error trying to access the /usr/app/ directory when running “docker compose up -d” but not when running “docker run” on the server image directly. The question: why do those two commands have a different user executing the command? Both should be the game user from the Dockerfile.