I’m using Docker to serve a huge website with PHP. The issue is that when I link my host volume to the container I get permission errors. I know that I could run `chmod -R 777 /var/www`, but isn’t that a little bit dangerous?
My Dockerfile

```dockerfile
FROM php:7.0.3-apache
RUN docker-php-ext-install mysqli
RUN a2enmod rewrite
RUN a2enmod headers
RUN docker-php-ext-install pdo_mysql
RUN apt-get update -y && apt-get install -y sendmail libpng-dev
RUN apt-get update && \
    apt-get install -y \
        zlib1g-dev
# Build dependencies for the gd extension, then configure and install it
RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libpng-dev \
    && docker-php-ext-install -j$(nproc) iconv \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install -j$(nproc) gd
RUN docker-php-ext-install mbstring
RUN docker-php-ext-install zip
RUN docker-php-ext-install gd
```
My Docker-Compose.yml

```yaml
version: "2"
services:
  www:
    build: .
    ports:
      - "80:80"
    volumes:
      - ./test.com:/var/www/
    links:
      - db
    networks:
      - default
  db:
    image: mysql:5.7
    ports:
      - "3306:3306"
    environment:
      MYSQL_DATABASE: test
      MYSQL_USER: test
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - default
```
Any ideas how to handle host volume permissions?
3 Answers
It is definitely not a good idea to `chmod` with `777`, as you already suspected. You will need to chown the folders and files to the apache group with: `chown -R <current_user>:www-data /test.com` and change the permissions to `755`. I hope this helps you.
You can set the UID of the Docker container’s user to be equal to the host user’s UID. It should help.
I spent some time looking for the best solution for this case.
The cleanest way I found was setting the permission for user 33 on the host machine.
Options I’ve tried:
Define a different user ID in the Docker Compose file: may work many times, but may cause errors when Apache tries to use internal files (e.g. SSH keys).
Passing the local UID as an env variable and adding www-data to the same group/ID: you must do that during the build process as part of the Dockerfile instructions, so it also creates another sketchy scenario when you create an image with permissions from your host machine.
The least messy way I found is giving user 33 permissions on your local files. Note that you do not have to create the user.

```
setfacl -R -m u:33:rwx /path/to/your/files
```
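
A narrower version of the ACL approach from the last answer, as an added example that is not part of the original posts: it removes the world-write bit that `chmod -R 777` leaves behind and gives UID 33 read-only access to the code, with write access on one directory only. The `uploads` directory name and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: least-privilege alternative to `chmod -R 777` on a bind-mounted docroot.
# Assumptions: the container's Apache runs as UID 33 (www-data, as stated in the answer),
# and the only path the site must write to is a hypothetical "uploads" subdirectory.

WEB_UID=33

# List every entry under $1 that any local user may modify.
# Symlinks are skipped because their mode bits are always 777 and mean nothing.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Drop the "other" write bit; owner and group bits are left untouched.
strip_world_write() {
    chmod -R o-w "$1"
}

# Give UID 33 read/traverse on the tree and write access on one subdirectory only.
grant_web_acl() {
    root=$1
    writable=$2
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed" >&2; return 1; }
    # rX: read files and enter directories, but no write access to application code
    setfacl -R -m "u:${WEB_UID}:rX" "$root"
    # rwx only where the application stores files
    setfacl -R -m "u:${WEB_UID}:rwx" "$root/$writable"
    # default ACL: files created there later inherit the same entry
    setfacl -R -d -m "u:${WEB_UID}:rwx" "$root/$writable"
}

# Usage: sh harden.sh ./test.com uploads
if [ "$#" -eq 2 ]; then
    world_writable "$1" | sed 's/^/world-writable: /'
    strip_world_write "$1"
    grant_web_acl "$1" "$2"
fi
```

With this layout a compromised PHP script can still write into the upload directory but cannot overwrite the site's own code, and other host users lose write access entirely.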