I currently have Docker Toolbox running on OS X and have mounted an OS X folder into my container, which by default should be rw.
The folder mounting should look like this: OS X Folder <--> VM Host <--> Container
When my container tries to write to that directory, it is giving an Access Denied error. Folder permissions on the OS X host show that write permissions only exist for me. However, since the Docker VM is running under my account, and therefore write credentials are me, shouldn’t I have access to writing to this directory?
If not, who is trying to authenticate to write into this directory? VM’s root?
How can I change my folder permissions to allow this user, whoever it is, access to this folder?
I believe it's the first. It's all abstracted through Docker Toolbox. I’m not SSH’d into the VBox.
Rather, I called a docker run using Docker Toolbox (which is running docker-machine in the background), and passed -v <host directory>:<container directory> as the parameters. So docker mounted my host directory into my container directly, but since the docker host is running on a VM in VirtualBox, there is some magic going on that I just don’t understand as far as permissions are concerned.
docker@dev:~$ mount | grep /Users
none on /Users type vboxsf (rw,nodev,relatime)
docker@dev:~$ ls -ld /Users/
drwxr-xr-x 1 docker staff 170 Jul 17 14:32 /Users//
So the ownership of /Users on the VM is docker and staff.
So in such a case, when you try to attach any directory under /Users, Docker is actually mounting it from the VM and it's not directly accessing the host filesystem.
And another thing to note is that you cannot directly attach directories outside /Users to docker containers in this method. Even if you try that, the source directory is actually created on the Docker VM and attached as a volume.
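The check described above, as an added example that is not part of the original posts: a longest-prefix lookup over a mount table that tells whether a volume source path sits on the vboxsf shared folder or on the VM's own disk. The function names and the sample mount table are constructed for illustration; only the `/Users` vboxsf line is taken from the output shown above.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device, mount point, type, options).
# Only the /Users vboxsf entry mirrors the thread; the other lines are made up.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
tmpfs / tmpfs rw,relatime 0 0
/dev/sda1 /mnt/sda1 ext4 rw,relatime 0 0
none /Users vboxsf rw,nodev,relatime 0 0'

# fstype_for_path PATH [MOUNTS_TEXT]
# Prints the filesystem type of the most specific mount point containing PATH.
# PATH must be absolute. Without MOUNTS_TEXT the live /proc/mounts is read.
# Note: /proc/mounts writes spaces in mount points as \040; such paths are
# not handled here.
fstype_for_path() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # Match when the mount point is "/", equals the path, or is a
            # parent directory of it ("/Users" must not match "/Usersfoo").
            if (mp == "/") hit = 1
            else hit = (p == mp || index(p, mp "/") == 1)
            # Longest mount point wins; on a tie the later entry wins
            # because it shadows the earlier one.
            if (hit && length(mp) >= best) { best = length(mp); fs = $3 }
        }
        END { if (fs != "") print fs; else exit 1 }'
}

# on_vbox_shared_folder PATH [MOUNTS_TEXT]
# Succeeds when PATH is served by a VirtualBox shared folder (vboxsf),
# i.e. it comes from the OS X host rather than the VM disk.
on_vbox_shared_folder() {
    [ "$(fstype_for_path "$@")" = "vboxsf" ]
}
```

On the Docker VM, `on_vbox_shared_folder /Users/me/project && echo "shared from OS X"` uses the live mount table; a source path outside `/Users` reports the VM's own filesystem instead.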
I can’t change the ownership of files from inside a Docker container. chmod returns 0 and does not change anything, when run either as an ordinary user or as root. Failing without returning error status violates Unix, POSIX, and Linux standards of behavior.
Changing the ownership of directories on the OSX side doesn’t change them in the container. This seems to leave only a very unpleasant hack as a possible way to make my program work. (The program is postgres 9.1, which requires that the postgres user own its data directory.)
Is my observation accurate? Is there a way to create a directory or a file from the container site that has an owner other than docker?
My hack didn’t work, either. I gave the postgres user the same UID as docker so it would own the directory that’s mounted from OSX.
Here’s what I see. chmod has the same bad behavior that chown has: doesn’t do anything, doesn’t return an error. It’s worse, because Unix/POSIX/Linux semantics say it should work.
[postgres@a3ac7a68d041:/data:1]$ id
uid=1000(postgres) gid=50(staff) groups=50(staff),104(ssl-cert)
[postgres@a3ac7a68d041:/data]$ ls -la
total 4
drwxrwxrwx 1 postgres staff 102 2015-11-29 02:27 ./
drwxr-xr-x 67 root root 4096 2015-11-29 05:01 ../
drwx------ 1 postgres staff 102 2015-11-29 03:19 nextdoor/
[postgres@a3ac7a68d041:/data]$ ls -l nextdoor
ls: cannot open directory nextdoor: Operation not permitted
[postgres@a3ac7a68d041:/data:2]$ chmod 750 nextdoor
chmod: changing permissions of `nextdoor': Operation not permitted
[postgres@a3ac7a68d041:/data:1]$
Does the Docker development team recognize that this is a problem?