I’m having a simple docker-compose setup, but I’m actually trying out only one container at a time.
I have a
./data folder in the Compose directory where I want to persist important storage and also use it as a shared folder between multiple containers.
I tried with a container on Docker Hub, but also with a customly built container based on the certbot container for Let’s Encrypt. As far as I know, both these containers don’t use a specific user inside the container, they just run as root.
I have the following service in Compose:
services: letsencrypt: build: ./letsencrypt ports: - "8081:80" volumes: - ./data/letsencrypt:/etc/letsencrypt:rw
I also tried having a named volume like this:
services: letsencrypt: build: ./letsencrypt ports: - "8081:80" volumes: - letsencrypt:/etc/letsencrypt:rw volumes: letsencrypt:
In the entrypoint of the container, I call
whoami which gives
root. And I try
ls -al /etc/ | grep letsencrypt and
ls -al /etc/letsencrypt, which give:
drwxr-xr-x 2 root root 4096 Jun 16 12:47 letsencrypt ls: can't open '/etc/letsencrypt': Permission denied
On the host fs, I tried two approaches: not having the
./data folder existent when I run docker-compose. In that case, it is generated by Compose and looks like this:
drwxr-xr-x. 2 root root 4096 Jun 16 14:47 letsencrypt
So it was created by the host root user and owned by it too.
The user I’m running docker-compose with is not root and does not have UID 1000, but it has 1001. It’s a member of the
docker group and I rebooted after adding it to the group. I tried running docker-compose as root and I had the same issue.
I also tried not using the
:rw suffix, adding an ending
/ to the directory. I tried many things.
I’m not super experienced with Docker and volumes, but I thought permissioning was something Docker would be handling and I as a user would not have to worry about.
Background information about the environment: I setup a fresh CentOS 7 VPS, created a new user for the application (hence UID 1001) and changed to that user. I installed docker from the CentOS repos and compose using the install script. Nothing special.