I am experimenting with the new named volumes available in Docker since 1.9. They are supposed to replace data-only containers. However, I have a hard time using named volumes for the following use case:
I have several containers that run applications as some non-root user, call it appuser; I do fix the uid and gid in my base image from which all the application container images are derived. Each application writes a log file to a folder that is owned by appuser. Then, I set up a data-only container, derived from the same base image. Using the volumes-from directive, I mount this data-only container to store my log files. It works because the uid is fixed.
Instead, if I try to use a named volume, the applications cannot write their log files because the named volume is owned by some user that depends on the volume driver (user xfs in my case of the "local" driver). Is there a possibility to create the log folder with correct permissions in the named volume?
Or, put more generally, are named volumes any good if the application in the container that mounts the named volume runs as a non-root user? From what I just described above, such an application would not be able to write to or create any folder in the named volume.