Docker Community Forums

Permissions for host volumes

(Tim Spence) #1

I am running Docker on OSX in docker-machine (virtualbox). I want to mount a host volume to this container to persist logs from an application. However, I cannot find a way to change the permissions for the mounted volume.
The default docker-machine configuration mounts /Users of my mac onto /Users of the vm, owned recursively by the docker user, which has uid 1000.
However, the permissions of the volume when mounted in the container seem to preserve uids and gids so my application can only write logs there if it happens to be run by a user with the same uid/gid as the docker user on the docker-machine vm. Obviously I can create a user in the container to run the service and manually specify that it should have uid 1000 as well but this is horrible!
Surely there must be a way to mount a host directory as a volume and make it writeable without manually ensuring uids match up?


(Eric Ongerth) #2

@timwspence, I know this is a late reply, but perhaps it will have some value for those researching their own dilemmas later.

I don’t think Docker is ever going that way since it violates some basic unix/linux principles. In short, it’s not kosher for the host to have its sovereign control over the permissions for part of its own storage area overridden by a guest system. When you see it that way I think you must agree that solutions for this really do have to pass through the user and group system that is well established.

A bit of improvement begins to appear when we notice that this is only a problem in development mode and not for production. In production you surely won’t be mounting host dirs into your containers and the issue will be moot.

Once you make that observation, the next step is “well, okay, if this is only a development-phase issue then I’m okay with a workaround such as either (1) running my in-container services as container root, or (2) doing this dance of user and group setup via the Docker files or entrypoint.sh scripts (as you’ve discovered).”

IOW it’s not so horrible since it’s just dealing with kind of a fundamental of container hosting. But I went through the same thing and understand your concern.
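
The entrypoint.sh workaround discussed in this thread, as an added example that is not code from either poster or from Docker: rather than hard-coding uid 1000 in the image, the script reads the owner of the mounted log directory at start-up and runs the service under those ids. `LOG_DIR`, its default path, and the availability of `setpriv` (util-linux) and a `stat` that accepts `-c` in the image are assumptions.

```shell
#!/bin/sh
# entrypoint.sh (added example): start the service with the uid/gid that owns
# the bind-mounted log directory. LOG_DIR and its default are assumptions.

# Print "uid:gid" of the directory as the container sees it.
dir_owner() {
    stat -c '%u:%g' "$1"
}

# Decide how to start the service.
#   $1 = uid the entrypoint runs as, $2 = "uid:gid" owning the volume
# Prints: direct | drop | mismatch
plan_exec() {
    owner_uid=${2%%:*}
    if [ "$1" = "$owner_uid" ]; then
        echo direct      # already the owner (this includes root-owned mounts)
    elif [ "$1" = "0" ]; then
        echo drop        # root can switch to the owner's ids
    else
        echo mismatch    # non-root and not the owner: cannot switch ids
    fi
}

main() {
    log_dir=${LOG_DIR:-/var/log/app}
    owner=$(dir_owner "$log_dir") || exit 1
    case $(plan_exec "$(id -u)" "$owner") in
        direct)
            exec "$@" ;;
        drop)
            # Numeric ids need no /etc/passwd entry; --clear-groups drops
            # root's supplementary groups before the service starts.
            exec setpriv --reuid="${owner%%:*}" --regid="${owner##*:}" \
                 --clear-groups "$@" ;;
        *)
            echo "uid $(id -u) does not own $log_dir (owner $owner)" >&2
            exit 1 ;;
    esac
}

# Only act when a command was passed (e.g. the image's CMD).
[ "$#" -eq 0 ] || main "$@"
```

Because the service is started with `exec` after the ids are dropped, it never holds root inside the container, which avoids workaround (1) while still writing to the host-owned directory.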