How can I change permission of mounted volumes in docker-compose.yml from the docker-compose.yml?

DockerDocker ComposeDevops

Docker Problem Overview

version: '2'
services:
    web:
        build:
            context: ./
            dockerfile: deploy/web.docker
        volumes:
            - ./:/var/www
        ports:
            - "8080:80"
        links:
            - app

How can I change permission (chmod) /var/www automatically when docker-compose up -d --build?

Docker Solutions

Solution 1 - Docker

When bind-mounting a directory from the host in a container, files and directories maintain the permissions they have on the host. This is by design: when using a bind-mount, you're giving the container access to existing files from the host, and Docker won't make modifications to those files; doing so would be very dangerous (for example, bind-mounting your home-directory would change file permissions of your host's home directory, possibly leading to your machine no longer being usable).

To change permissions of those files, change their permissions on the host.

You can find more information on this in another answer I posted on StackOverflow: https://stackoverflow.com/a/29251160/1811501

Solution 2 - Docker

you can add the permissions after an extra column like:

    volumes:
            - ./:/var/www:ro #read only

Solution 3 - Docker

Actually this is a little more complicated, some better clarity would be required.

If we mount the host folder folder_a into guest folder folder_b and the folder_b was already created, "chown"-ed and "chmod"-ed when the container image was created (Dockerfile), then folder_b defined permissions must take precedence from the guest perspective. This is what is happening on my boxes. As the guest user is not supposed to exist in the host an answer like "add the permissions to the host" is not very beautiful, it would mean "give write permissions to everybody".

If folder_b was not already "prepared" for the mount upfront, but it is mounted "on the fly"; I have not found any way to change the permissions contextually. Trying to reason out loud: the docker daemon on the host does not know anything about the guest users. I am also curious if a chmod/chown on the fly with guest names is technically possible as an evolution of docker. My initial expectation is that the on the fly mount inherited the parent folder permissions ( if /mnt/a is owned by app_user, then mounting in /mnt/a/myMount would preserve app_user ownership to the child folder as well, however, the new mounted folder is owned by root in my tests )

From a security perspective, the guest operating the mounts should never mount its own secured/sensitive folders to the guests. It is generally assumed that if you give a volume to a guest, the guest must be able to execute any operation on it. However mounting "on the fly" produces a "root" owned folder inside the guest as root is the only user known to both guest and host.

Categories
Recommended Docker Solutions
Recommended Docker Compose Solutions
Recommended Devops Solutions

Previous Solution:

How to fix "modified content, untracked content" in git?

GitGit Submodules

Next Solution:

Is it possible to make an in-app button that triggers the PWA "Add to Home Screen" install banner?

JavascriptService WorkerProgressive Web-Apps

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionnotalentgeekView Question on Stackoverflow
Solution 1 - DockerthaJeztahView Answer on Stackoverflow
Solution 2 - DockerEdwinView Answer on Stackoverflow
Solution 3 - DockerMihai UngureanuView Answer on Stackoverflow