Docker rootless - unable to write to volume

francoism90 · November 14, 2022, 5:01pm

I’m using a Dockerfile with USER me, running Docker as rootless (Run the Docker daemon as a non-root user (Rootless mode) | Docker Documentation):

FROM php:8.1.12-fpm-alpine

ARG USER=me
ARG UID=1000
ARG GID=$UID

RUN adduser \
    --disabled-password \
    --gecos "" \
    --no-create-home \
    --uid "$UID" \
    "$USER"

RUN mkdir -p /data \
    && chown $UID:$UID /data

USER $USER

This is my docker compose:

services:
  app:
    build:
      context: ./app
      dockerfile: Dockerfile
    user: '1000:1000'
    tty: true
    volumes:
      - ./src:/data

For some reason the /data permissions are root:root instead of the expected 1000:1000 - as used on the host.

I can chown the files on the docker container using chown 1000:1000, however they end up unreadable for the host.

Is something wrong with my setup? Is this indented?

Thanks

chown 1000:1000 - unable for the host

rimelek · November 19, 2022, 1:07am

This is the point of rootless containers. Your user is the root user inside the container so even if you mount a system folder, the process inside the container will not be able to edit that folder unless your user or the main group has right to do that.