
I’m using Docker to serve a huge website with PHP. The issue is that when I link my host volume to the container I get permission errors. I know that I could run chmod -R 777 /var/www, but isn’t it a little bit dangerous?

My Dockerfile

FROM php:7.0.3-apache 
RUN docker-php-ext-install mysqli
RUN a2enmod rewrite
RUN a2enmod headers
RUN docker-php-ext-install pdo_mysql
RUN apt-get update -y && apt-get install -y sendmail libpng-dev

RUN apt-get update && \
    apt-get install -y \
        zlib1g-dev

# Build dependencies for gd, then configure and compile the extension
RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libpng-dev \
    && docker-php-ext-install -j$(nproc) iconv \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install -j$(nproc) gd

RUN docker-php-ext-install mbstring

RUN docker-php-ext-install zip

RUN docker-php-ext-install gd

My Docker-Compose.yml

version: "2"
services:
    www:
        build: .
        ports: 
            - "80:80"
        volumes:
            - ./test.com:/var/www/
        links:
            - db
        networks:
            - default
    db:
        image: mysql:5.7
        ports: 
            - "3306:3306"
        environment:
            MYSQL_DATABASE: test
            MYSQL_USER: test
            MYSQL_PASSWORD: test
            MYSQL_ROOT_PASSWORD: test
        volumes:
            - ./mysql:/var/lib/mysql
        networks:
            - default

Any ideas how to handle host volume permissions?

3 Answers


  1. It is definitely not a good idea to chmod with 777, as you already suspected. You will need to chown the folders and files to the apache group with: chown -R <current_user>:www-data /test.com and change the permissions to 755.

    I hope this helps you

  2. You can set the uid of the Docker container’s user to be equal to the host user’s uid. It should help.

  3. I spent some time looking for the best solution for this case.
    The cleanest way I found was setting the permission to the user 33 at the host machine.

    Options I’ve tried:

    1. Define a different user ID in the Docker Compose file: May work many times, but may cause errors when Apache tries to use internal files (e.g. ssh keys)

    2. Passing the local UID as an env variable and adding www-data to the same group/id: You must do that during the building process as part of the Dockerfile instructions, so it also creates another sketchy scenario when you create an image with permissions from your host machine.

    The less messy way I found is giving permissions to your local files to the user 33. Note that you do not have to create the user.

    setfacl -R -m u:33:rwx /path/to/your/files

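An added example (not part of the question or of any answer above) for cleaning up a bind-mounted web root after a `chmod -R 777`: it lists the entries every local user can write to, strips that bit, and then grants uid 33 access with `setfacl` as in the last answer, when the tool is installed. The function names and the `WEB_UID` variable are assumptions of this sketch, and it uses `rwX` instead of the answer's `rwx`.

```shell
#!/bin/sh
# Added example: audit and tighten a bind-mounted web root.
# WEB_UID is an assumption of this sketch; 33 is the uid named in the answer above.
WEB_UID="${WEB_UID:-33}"

# List entries that any local user can write to (what chmod -R 777 leaves behind).
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Remove write access for "other" without touching owner or group bits.
strip_world_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Grant the web server uid access through an ACL, as in the setfacl answer.
# Capital X sets execute only on directories and on files that are already
# executable, which is narrower than rwx. Returns 2 when setfacl is missing.
grant_web_uid() {
    command -v setfacl >/dev/null 2>&1 || return 2
    setfacl -R -m "u:${WEB_UID}:rwX" "$1"
}

# Report, fix and re-check one directory. Exit status 0 means no
# world-writable entries remain.
harden_webroot() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    echo "world-writable before: $(count_world_writable "$dir")"
    strip_world_write "$dir"
    grant_web_uid "$dir" || echo "ACL not applied (setfacl missing or failed)" >&2
    remaining=$(count_world_writable "$dir")
    echo "world-writable after: $remaining"
    [ "$remaining" -eq 0 ]
}

# Run only when a directory is given, e.g.: sh harden.sh ./test.com
if [ "$#" -gt 0 ]; then harden_webroot "$1"; fi
```

Run it on the host against the directory that is mounted into the container; the owner's own permissions are left as they are.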