Mounted volume in container does not write to host path

Hey guys, so I am creating a container that uses bind mounts to mount a host directory into the container. My assumption is that the container should be able to write to the host, but this is not the behavior that I am observing. The issue seems to be permissions. The dir /opt/docker/logs seems to be owned by root, not daemon.
in the Dockerfile,

Here are the docker compose file and Dockerfile that I am using. Could someone please take a look and tell me what I am doing wrong?

version: "3"
services:
  web:
    env_file:
      - baraza-web-dev.env
    image: baraza-web:latest
    volumes:
      - /var/log/alika/web:/opt/docker/logs
    deploy:
      replicas: 2
      resources:
        limits:
          cpus: "0.2"
          memory: 250M
      restart_policy:
        condition: on-failure
    ports:
      - "8080:8080"
    networks:
      - webnet

networks:
  webnet:

Dockerfile

FROM openjdk:latest
LABEL MAINTAINER="admin@alika.io"
WORKDIR /opt/docker
ADD --chown=daemon:daemon opt /opt
EXPOSE 8080
RUN ["mkdir", "-p", "/opt/docker/logs"]
RUN ["chown", "-R", "daemon:daemon", "/opt/docker/logs"]
VOLUME ["/opt/docker/logs"]
USER daemon
ENTRYPOINT ["bin/cms"]
CMD []

I am surprised if this Dockerfile builds for you.

Neither the user daemon nor the group daemon is created in your Dockerfile, nor in the base image's Dockerfile …

You have to add a non-privileged user in the Dockerfile. When run as a container, the uid:gid of the user inside the container must match the uid:gid of the owner of the mapped volume from the host.

Though, you can override the uid:gid when creating the container for the first non-privileged user declared in the Dockerfile, either with ‘docker run --user’ or its docker-compose counterpart “user” underneath the service name declaration. (See: https://docs.docker.com/engine/reference/run/#user; the listed parameters apply for docker run as well as inside a compose file.)
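
A bind mount keeps the host directory's numeric owner and mode, so the uid:gid match described in the reply above can be checked on the host before starting the service. The script below is an added example, not part of the thread: the function names are hypothetical, it assumes GNU stat on a Linux host, and it ignores supplementary groups, ACLs, SELinux/AppArmor and user-namespace remapping.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat on a Linux host.
# Judges access by numeric owner, group and mode bits only.

# compose_user_for DIR
# Prints the owner of DIR as "uid:gid", the form accepted by
# `docker run --user` and by the compose `user:` key.
compose_user_for() {
    stat -c '%u:%g' "$1"
}

# can_write_as UID GID DIR
# Returns 0 if a process running as UID:GID could create files in DIR,
# 1 if not, 2 if DIR is not a directory.
can_write_as() {
    uid=$1; gid=$2; dir=$3
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0            # root bypasses the mode bits
    set -- $(stat -c '%u %g %a' "$dir")     # $1 owner uid, $2 owner gid, $3 octal mode
    perm=$((0$3))                           # leading 0 makes the constant octal
    if   [ "$uid" -eq "$1" ]; then shift_by=6   # owner class
    elif [ "$gid" -eq "$2" ]; then shift_by=3   # group class
    else                           shift_by=0   # other class
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( (perm >> shift_by) & 3 )) -eq 3 ]
}

# check_bind_mount UID GID DIR
# Prints a one-line verdict for the host side of a bind mount.
check_bind_mount() {
    if can_write_as "$1" "$2" "$3"; then
        echo "OK: $1:$2 can write to $3"
    else
        echo "DENIED: $1:$2 cannot write to $3 (owner $(compose_user_for "$3"))"
        return 1
    fi
}

# Usage on the host from the question, with the container user's numeric ids
# (obtain them with `id` inside the container; 1:1 here is a placeholder):
#   check_bind_mount 1 1 /var/log/alika/web
```

If the check reports DENIED, either change the ownership of the host directory to the container user's numeric ids or start the container with the owner's ids printed by `compose_user_for`.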