Docker Toolbox host folder permissions

I currently have Docker Toolbox running on OS X and have mounted an OS X folder into my container, which by default should be rw.

The folder mounting should look like this: OS X Folder <--> VM Host <--> Container

When my container tries to write to that directory, it is giving an Access Denied error. Folder permissions on the OS X host show that write permissions only exist for me. However, since the Docker VM is running under my account, and therefore write credentials are me, shouldn’t I have access to writing to this directory?

If not, who is trying to authenticate to write into this directory? VM’s root?

How can I change my folder permissions to allow this user, whoever it is, access to this folder?

Hi,

Which directory on your OS X have you mounted as volume into your container?

Did you mount the host directory to the container directly, or did you mount the directory as a VBox Shared Folder to the VM first and then to the container?

If you followed the second method, the shared folder should be mounted with the owner as docker inside the boot2docker VM.

Regards


Hi @ranjandas,

I believe it’s the first. It’s all abstracted through Docker Toolbox. I’m not SSH’d into the VBox.

Rather I called a docker run using Docker Toolbox (which is running docker-machine in the background), and passed -v <host directory>:<container directory> as the parameters. So docker mounted my host directory into my container directly, but since the docker host is running on a VM in Virtualbox, there is some magic going on that I just don’t understand as far as permissions are concerned.

The magic is as follows.

When you create a new Docker VM using docker-machine, the /Users directory on OSX is mounted to VirtualBox as a VBox Shared folder.

So if we look at the permissions closely.

On OSX

ls -ld /Users/
drwxr-xr-x  5 root  admin  170 18 Jul 00:32 /Users/

On Docker VM

docker@dev:~$ mount | grep /Users
none on /Users type vboxsf (rw,nodev,relatime)

docker@dev:~$ ls -ld /Users/
drwxr-xr-x    1 docker   staff          170 Jul 17 14:32 /Users//

So the ownership of /Users on the VM is docker and staff.

So in such a case, when you try to attach any directory under /Users, Docker is actually mounting it from the VM and it's not directly accessing the host filesystem.

And another thing to note is that you cannot directly attach directories outside /Users to Docker containers with this method. Even if you try that, the source directory is actually created on the Docker VM and attached as a volume.

Regards


I can’t change the ownership of files from inside a Docker container. chmod returns 0 and does not change anything, when run either as an ordinary user or as root. Failing without returning error status violates Unix, Posix, and Linux standards of behavior.

Changing the ownership of directories on the OSX side doesn’t change them in the container. This seems to leave only a very unpleasant hack as a possible way to make my program work. (The program is postgres 9.1, which requires that the postgres user own its data directory.)

Is my observation accurate? Is there a way to create a directory or a file from the container side that has an owner other than docker?

My hack didn’t work, either. I gave the postgres user the same UID as docker so it would own the directory that’s mounted from OSX.

Here’s what I see. chmod has the same bad behavior that chown has: doesn’t do anything, doesn’t return an error. It’s worse, because Unix/POSIX/Linux semantics say it should work.

[postgres@a3ac7a68d041:/data:1]$ id
uid=1000(postgres) gid=50(staff) groups=50(staff),104(ssl-cert)
[postgres@a3ac7a68d041:/data]$ ls -la
total 4
drwxrwxrwx  1 postgres staff  102 2015-11-29 02:27 ./
drwxr-xr-x 67 root     root  4096 2015-11-29 05:01 ../
drwx------  1 postgres staff  102 2015-11-29 03:19 nextdoor/
[postgres@a3ac7a68d041:/data]$ ls -l nextdoor
ls: cannot open directory nextdoor: Operation not permitted
[postgres@a3ac7a68d041:/data:2]$ chmod 750 nextdoor
chmod: changing permissions of `nextdoor': Operation not permitted
[postgres@a3ac7a68d041:/data:1]$

Does the Docker development team recognize that this is a problem?

I’m encountering the same issue as well.

Hi, I had the same problem on OS X with docker-machine.

It’s like @ranjandas said. The /Users folder gets mounted to the VM and from there to the container.

If you use the absolute path in the docker run command the folder mount works:
docker run -it -v $(pwd)/target:/target …

Remember that this only works with directories below the /Users folder.
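
An added example, not part of any post in this thread: a small shell check that applies the two points made above (only paths below /Users reach the OS X host through the vboxsf share; anything else exists only on the Docker VM) to a `-v` source path. The names `SAMPLE_MOUNTS`, `MOUNT_TABLE`, `covering_mount` and `classify_bind_source` are hypothetical, and every mount line except the vboxsf one, like the sample paths, is constructed.

```bash
#!/usr/bin/env bash
# Constructed `mount` output from the Docker VM. Only the vboxsf line is from
# the thread; the other two lines are assumptions made for illustration.
SAMPLE_MOUNTS='tmpfs on / type tmpfs (rw,relatime)
/dev/sda1 on /mnt/sda1 type ext4 (rw,relatime)
none on /Users type vboxsf (rw,nodev,relatime)'

# covering_mount PATH: read "SRC on MNT type FS (OPTS)" lines on stdin and
# print "MNT FS" for the longest mount point that contains PATH.
# Assumes mount points without spaces.
covering_mount() {
    local target=$1 src kw_on mnt kw_type fs rest best_mnt="" best_fs=""
    while read -r src kw_on mnt kw_type fs rest; do
        [ "$kw_on" = on ] && [ "$kw_type" = type ] || continue
        case "$target/" in
            # Compare whole path components so /UsersBackup is not
            # mistaken for something under /Users.
            "${mnt%/}/"*)
                if [ "${#mnt}" -gt "${#best_mnt}" ]; then
                    best_mnt=$mnt; best_fs=$fs
                fi ;;
        esac
    done
    [ -n "$best_mnt" ] && printf '%s %s\n' "$best_mnt" "$best_fs"
}

# classify_bind_source PATH (hypothetical helper): print "host-shared:MNT" when
# the -v source sits on a vboxsf share, else "vm-local:FS" (exists only in the VM).
# Set MOUNT_TABLE="$(mount)" inside the VM to use real data.
classify_bind_source() {
    local hit
    case $1 in
        /*) ;;
        *) echo "relative path: pass an absolute path" >&2; return 2 ;;
    esac
    hit=$(printf '%s\n' "${MOUNT_TABLE:-$SAMPLE_MOUNTS}" | covering_mount "$1") || hit=""
    if [ "${hit##* }" = vboxsf ]; then
        echo "host-shared:${hit% *}"
    else
        echo "vm-local:${hit##* }"
    fi
}

# Constructed example paths.
for p in /Users/alice/target /UsersBackup/data /mnt/sda1/pgdata; do
    printf '%-20s %s\n' "$p" "$(classify_bind_source "$p")"
done
```

A `host-shared` result means the owner and mode seen in the container are the ones the VM shows for the share (docker and staff in the listing above), not the ones set on the OS X side.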

+1 bump

I’m having a similar issue… however, I moved the image directory to a network folder on my home network.

Did anyone ever figure it out?

This may have to do with how file sharing works on OS X.