I am working on a spring boot application that should be migrated into a docker container (used to run as a systemd service on a server)
The app reads and writes a configurable path on the file system - lets for now assume it is /var/mypath
I built a docker image using the bootBuildImage task from springs gradle plugin. it used what appears to be the default builder image, namely gcr.io/paketo-buildpacks/builder to build the application image.
Consequently, in a docker compose file, I defined a stack, with the (unimportant) mysql db and the spring boot app like this:
version: "3.8"
services:
backend_db:
container_name: "backend_db"
image: "mariadb:latest"
# ...
backend_app:
depends_on:
- "backend_db"
container_name: "backend_app"
image: "myImageName:latest"
restart: always
ports:
- 8080:8080
volumes:
- "app:/var/mypath"
environment:
# mysql data etc...
volumes:
db:
app:
When I start it up with docker-compose up, the spring-boot application does not have write access on /var/mypath.
I figured out, that apparently the CNB build makes the spring application run as user cnb.
I suppose, the volume is created as root and only root has write access to it.
The manual-chown approach seems suboptimal, since I would have expected to be able to just docker-compose up on a server and be done, instead of manually chowning around but anyways:
I have tried to chown the volume to the cnb user from within the container without success:
chown cnb /var/mypath/ chown: changing ownership of '/var/mypath/': Operation not permitted
How can I make sure, that the spring boot application can write the volume?
