5

I'm using Mac OS and recently I'm trying to set up a development environment with docker. Docker seems to be nice, but currently I'm facing the following problem:

PROBLEM:

Whenever PHP (in the docker container) is creating a folder with a subfolder, apache results in a 500-error. Apache-log: "... Can't create directory app/../../folder/subfolder/subsubfolder/"

I assume that this is caused by the environment variable umask, because whenever a folder is created, it doesn't have write permission. Because of that subfolders can't be created and so on.

To test this out, I wrote a little test-script (umask-test.php):

$umask = umask(0);
echo ("umask = $umask <br>");

And bingo! Every time I build and run the container and start the script via the browser, the result is:

umask = 18

GOAL:

So I would like to have umask always to be set to 000 (zero)

I figured out, the best place to set this variable would be the Dockerfile, so in the Dockerfile I stated the following:

FROM ubuntu:trusty
...
ENV UMASK 0
...

Problem is, that this results in nothing:

  • the test-script gives out 18 for umask
  • folders are still created with the wrong permission
  • subfolders can't be created.

QUESTIONS:

What am I doing wrong?

How can umask in docker containers always be set to zero?

How can I permit the apache-user (www-data) to create folders that always have write-permissions and in which subfolders can be created?

codiga
  • 537
  • 5
  • 15

2 Answers2

6

Problem solved

Since hopefully this is helpful for other, I want to provide the answer to my own question:

The problem is not docker and umask-settings in the container. The problem is the Mac and the umask-setting on the Mac OS!!

Example: If umask on the Mac is set to 022, then folders created on mounted directories by docker have the permissions 755. This causes, that no subfolders can be created.

This link is providing the information about how to set umask for the Mac: https://support.apple.com/en-us/HT201684

So if you type in your terminal

 sudo launchctl config user umask 000

and reboot, all your folders will be created with 777-permissions. Including the folders mounted to docker.

Before I was asking myself why running containers (initialized with run -v ...) are not really working. Now it seems to work all right! :-)

codiga
  • 537
  • 5
  • 15
0

According to the Docker docs environment variables you set with ENV do persist to the running container, but Apache is probably very picky about which ones it pays attention to on start up on security grounds.

Try this answer.

Community
  • 1
  • 1
Ian Gibbs
  • 136
  • 1
  • 6
  • I tried it, but it didn't work. The umask-test-script (umask-test.php) gives out a zero though, so obviously the changes ('sudo visudo' and in '/etc/apache2/envvars') had an effect. But folders are still created with the wrong set of permissions. So subfolders still cannot be created. – codiga Jun 11 '16 at 09:27
  • Besides, When I stop the container and run it again, then I would have to make changed again. I would prefer a solution which is permanent, so I can use the advantage of docker in a way that the environment always stays the same each time I start it. – codiga Jun 11 '16 at 09:38
  • Have you tried setting the permissions on the folder via code after you have created it? – Ian Gibbs Jun 11 '16 at 10:02
  • That would be a workaround, but that is not what I'm looking for. I have a webapp that already creates folders and I do not want to revise all the code. There must be a global setting for that (via docker) – codiga Jun 11 '16 at 10:10
  • All my reading suggests that envvars is the right way to do it, and if it isn't working then the code must be overriding it somewhere. See also http://serverfault.com/questions/383734/how-do-i-set-default-umask-in-apache-on-debian and http://php.net/manual/en/function.umask.php especially the user comments at the bottom – Ian Gibbs Jun 11 '16 at 10:19
  • `umask` is not an environment variable, but it is inherited by processes. Configuring it in the parent of any process (like apache/php) you intend to run is the proper solution. Are you creating your directories any other way (e.g. bash cli)? – BMitch Jun 11 '16 at 11:01