Permission denied on volumes in multiple containers

I have a simple docker-compose setup, but I’m actually trying out only one container at a time.

I have a ./data folder in the Compose directory where I want to persist important storage and also use it as a shared folder between multiple containers.

I tried with a container on Docker Hub, but also with a custom-built container based on the certbot container for Let’s Encrypt. As far as I know, both these containers don’t use a specific user inside the container, they just run as root.

I have the following service in Compose:

services:
  letsencrypt:
    build: ./letsencrypt
    ports:
      - "8081:80"
    volumes:
      - ./data/letsencrypt:/etc/letsencrypt:rw

I also tried having a named volume like this:

services:
  letsencrypt:
    build: ./letsencrypt
    ports:
      - "8081:80"
    volumes:
      - letsencrypt:/etc/letsencrypt:rw
volumes:
  letsencrypt:

In the entrypoint of the container, I call whoami which gives root. And I try ls -al /etc/ | grep letsencrypt and ls -al /etc/letsencrypt, which give:

drwxr-xr-x    2 root     root          4096 Jun 16 12:47 letsencrypt
ls: can't open '/etc/letsencrypt': Permission denied

On the host fs, I tried two approaches: not having the ./data folder exist when I run docker-compose. In that case, it is generated by Compose and looks like this:

drwxr-xr-x. 2 root root 4096 Jun 16 14:47 letsencrypt

So it was created by the host root user and owned by it too.

The user I’m running docker-compose with is not root and does not have UID 1000, but it has 1001. It’s a member of the docker group and I rebooted after adding it to the group. I tried running docker-compose as root and I had the same issue.

I also tried not using the :rw suffix and adding a trailing / to the directory. I tried many things.

I’m not super experienced with Docker and volumes, but I thought permissioning was something Docker would be handling and I as a user would not have to worry about.


Background information about the environment: I set up a fresh CentOS 7 VPS, created a new user for the application (hence UID 1001) and changed to that user. I installed Docker from the CentOS repos and Compose using the install script. Nothing special.

Solution: disable SELinux.

Thanks to IRC user salcedo for mentioning SELinux.
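
Added example, not part of the original post: on an SELinux-enforcing host like the CentOS 7 system described above, Docker's `z` / `Z` volume options relabel a bind mount so the container can use it while SELinux stays enabled. The `letsencrypt` service and its paths are the post's; the `web` service, its image and the choice of `z` (because the post wants the folder shared between containers) are assumptions of this example.

```yaml
# Checks to run on the host before changing anything:
#   getenforce                      -> "Enforcing" means SELinux is active
#   ls -dZ ./data/letsencrypt       -> shows the directory's SELinux label
#   ausearch -m avc -ts recent      -> lists recent SELinux denials
services:
  letsencrypt:
    build: ./letsencrypt
    ports:
      - "8081:80"
    volumes:
      # As posted: no label option. The host directory keeps its existing
      # SELinux type, so the confined container process is denied access
      # even though the Unix permissions (root, drwxr-xr-x) allow it.
      # - ./data/letsencrypt:/etc/letsencrypt:rw
      #
      # Relabelled, shared: lowercase "z" applies a label that every
      # container mounting this directory is allowed to use.
      - ./data/letsencrypt:/etc/letsencrypt:rw,z

  # Hypothetical second service, added only to show the shared case.
  web:
    image: nginx:stable   # assumed image, not from the post
    volumes:
      # Same directory, read-only, same shared label.
      - ./data/letsencrypt:/etc/letsencrypt:ro,z

# Uppercase "Z" instead applies a private label tied to one container.
# Use it for a directory that only a single container should touch; with
# two services mounting the same path, the second relabel would lock the
# first container out.
#
# Both options change the label of the files on the host. Do not apply
# them to system directories such as /home or /usr.
```

After `docker-compose up`, `ls -dZ ./data/letsencrypt` on the host should show a container file type (`svirt_sandbox_file_t` or `container_file_t`, depending on the policy version) in place of the original one.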