Named volume permissions for non-root container services

I have a named volume that I want to be automatically accessible (read/write) by the container user (solr), instead of having root ownership. It seems like this would be a routine use case, but i’ve been trying different approaches for hours with no luck.

What’s the trick? I have a custom, intermediate base image I’m using (which uses the official solr image), so I can manipulate that image, if it’s helpful.

ICF2008571:deployment_root jjackson$ sw_vers && docker -v
ProductName: Mac OS X
ProductVersion: 10.12.4
BuildVersion: 16E195
Docker version 17.03.1-ce, build c6d412e

I happen to be using docker-compose, but here’s a simple one-liner that demonstrates the issue. Notice the permissions on the data directory.

$ docker run -it --rm -v deleteme1:/opt/solr/data solr bash -c 'ls -l /opt/solr'
total 1376
-rw-r--r--  1 solr solr 655424 Mar  1 06:16 CHANGES.txt
-rw-r--r--  1 solr solr  12646 Feb 11 13:17 LICENSE.txt
-rw-r--r--  1 solr solr 633269 Mar  1 07:21 LUCENE_CHANGES.txt
-rw-r--r--  1 solr solr  26592 Mar  1 06:16 NOTICE.txt
-rw-r--r--  1 solr solr   7242 Mar  1 06:16 README.txt
drwxr-xr-x  3 solr solr   4096 Apr 27 03:20 bin
drwxr-xr-x 14 solr solr   4096 Mar  1 18:02 contrib
drwxr-xr-x  2 root root   4096 May 30 15:08 data
drwxr-xr-x  4 solr solr   4096 Apr 27 03:20 dist
drwxr-xr-x  7 solr solr   4096 Apr 27 03:20 example
drwxr-xr-x  2 solr solr  36864 Apr 27 03:20 licenses
drwxr-xr-x 11 solr solr   4096 Apr 27 03:20 server

Apparently my previous experiments were corrupted somehow. I retried one of the approaches, and now it works fine:

RUN mkdir "/opt/solr/data" && \
  chown -R solr:solr "/opt/solr/data"