0

Consider the following failing docker-compose.yml:

version: '3.7'

services:
    test:
        image: ubuntu
        user: nobody
        entrypoint: touch /tmp-a/hai
        volumes:
            - a:/tmp-a

volumes:
    a:

In the example, in order to avoid creating a Dockerfile, I manually set the user. Normally though, I try to drop root in my Dockerfiles and when I do that, I can't use the volumes docker-compose mounted for me. The reason is that the root directory for that mount is owned by root and any user other than root can't write there.

My workaround is to explicitly set user: root in docker-compose, then change the permissions manually for the directory and drop the privileges in entrypoint, but I find that very inelegant. Is there a way to make docker-compose set permissions for my containers so that my test case doesn't fail?

d33tah
  • 10,999
  • 13
  • 68
  • 158
  • this https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee. And this https://github.com/docker/compose/issues/3270 :) – paltaa May 29 '20 at 12:35
  • I think the only portable way to do it is what you're doing now, start as root then drop privileges. For the bind-mount case you can require the operator to set permissions correctly, but that won't help for Docker named volumes or anything you can get in a Kubernetes environment. – David Maze May 29 '20 at 12:46

0 Answers0