What are the best practices for container user permission?

budiantoip · December 28, 2022, 9:10am

I’ve been working on this for several days, but still no luck.

My server is using Ubuntu 20.04.

I’m trying to dockerize a wordpress application.

There’s a container which base image uses wordpress:latest, its docker-compose.yml configuration like this:

wordpress_machine:
    depends_on:
      - db_machine
    image: wordpress:latest
    ports:
      - '8000:80'
    expose:
      - 80
    restart: always
    volumes: ['./:/var/www/html']
    environment:
      DB_HOST: ${PARAM_DB_HOST}
      DB_USER: ${PARAM_DB_USER}
      DB_NAME: ${PARAM_DB_NAME}
      DB_PASSWORD: ${PARAM_DB_PASSWORD}
    networks:
      - site_machine

So you can say, there’s no complex configuration.

The files and folders ownership are set to root:root.

When I tried to run the application in the browser, and then I tried to install a plugin, an error triggered, it said:

Could not create directory. /var/www/html/wp-content/upgrade

I suspect this is because apache inside the container runs the app using www-data, thus when apache tried to create a directory it encountered a permission issue.

What’s the best practice for a case like this?

Any kind of clues are welcome.