I’m not sure we 100% understand what you’re saying but I believe what you want to achieve is to give your application team access a specific folder in the container without them having to launch an interactive shell on the conainer.

Personally I would achieve this using a bind mount:

version: "3.8"

services:
  container_name:
    image: alpine:latest
    ## TRUNCATED -##
   volumes:
      - 'volume_name:/path/in/container'

volumes:
  volume_name:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/path/on/host'

After this I would make the folder on the host a network share and adjust the permissions accordingly.

Nobody should be logging in to the host unless they are managing containers, and nobody should ever be logging in to the containers.

I’m saying this is the only way, or even the right way, but having just heard the problem, this is my first thought. If it were me, and it was a production environment, then I’d actually be looking at some external/shared storage which is attached to the docker host and then mounted to the container like this.