The "best" location for Volumes defined on docker-compose file

masterlog80 · March 31, 2023, 11:06am

rimelek:

I havestored the data somewhere in /srv/volumes/ so it didn’t have to be a home. I set the permissions on this folder so it was not “executable” by anyone, but the owner, root.
chown 0700 /srv/volumes
Note: In case of folders, the “executable” flag means “can list entries in that folder” so nobody could run cd /srv/volumes only me (well, nobody else were there).

Since Docker ran as root, it didn’t affect the volume mount so other users couldn’t have use the docker command or cd into that folder.

Thanks for getting back.
Your environment seems pretty similar to store the Volumes (bind mounts) in the /root directory.
Or using aCIFS share like I was talking on this topic (mounting it as file_mode=0700,dir_mode=0700).

Correct.
At least per the default settings.

Indeed, I was taking a look but it may not worth the complexity.

That seems a rule valid for everything running as root that can be run as with lower permissions.

Regards