
On my Windows PC in Docker Desktop, the app can write to its mounted folders.

On EC2 Amazon Linux, I build the containers using docker-compose up.

They run OK, but when they try to write a file to the mounted folder they get permission denied.

I used sudo docker exec -it containerId sh and saw that:

whoami returns app

ls -l MountedFolder/ shows the folder I’m to write to with these properties:

drwxr-xr-x 2 root root

my compose.yaml:

services:                  
  webapp1:
    build: 
      context: ./Store
      target: final        
    ports:
      - 8082:8080     
    volumes:
      - ./volumes/App_Data/:/app/App_Data          
    container_name: webapp1 

Dockerfile

# syntax=docker/dockerfile:1

FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build

COPY . /source

WORKDIR /source/WebUI

ARG TARGETARCH

RUN --mount=type=cache,id=nuget,target=/root/.nuget/packages \
    dotnet publish -a ${TARGETARCH/amd64/x64} --use-current-runtime --self-contained false -o /app

FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS final
WORKDIR /app

COPY --from=build /app .

USER $APP_UID

ENTRYPOINT ["dotnet", "WebUI.dll"]

2 Answers


  1. Chosen as BEST ANSWER

    Not sure if it is a good solution, but this is what I have for now.

    I give permissions to all on the folders that I will mount:

    sudo chmod -R a+rw /App_Data
    

    and after this I call

    sudo docker-compose up
    

    and the docker container app doesn't get the permission denied error anymore


  2. Your Docker container is facing a permissions issue when trying to write to a mounted folder on an Amazon EC2 instance running Amazon Linux:

    [EC2 Instance] <--- Mounts ---> [Docker Container]
           |                                |
           |                                |
    [MountedFolder - permissions]      [app - trying to write]
    

    The MountedFolder in your EC2 instance is owned by root with permissions drwxr-xr-x (read and execute for group and others, but write permission only for the owner). When your container runs, it switches to a non-root user (app), which does not have write permissions on the mounted folder.

    You would need to adjust the permissions of the MountedFolder on your EC2 instance to allow the app user in the container to write to it. That can be done by either changing the folder’s ownership to match the UID of the app user inside the container or by adjusting the folder’s permissions to be more permissive (not recommended).

    The preferred option is to use the chown command on your EC2 instance to change the ownership of the MountedFolder. You need to set the owner to the UID of the app user inside the container. First, find out the UID of the app user inside the container with id -u app, then apply it to the mounted folder:

    sudo chown -R <app-uid> ./volumes/App_Data/
    

    You also need to make sure your Dockerfile correctly sets up the user. Since you are switching to a user $APP_UID, make sure this environment variable is properly set to match the UID you want to use. If APP_UID is not defined, you need to add a line in your Dockerfile to create the app user with a specific UID that matches the host’s folder ownership or use an existing UID.

    # At the end of your Dockerfile
    ARG APP_UID=1000
    RUN adduser -D -u $APP_UID app
    USER app
    
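To tell before starting the container which of the two fixes above is actually needed, the following added example (not code from the question or either answer) reads the host directory's owner, group and mode and reports whether a given container UID can create files in it, flagging the world-writable state that `chmod -R a+rw` leaves behind. The function name `check_bind_mount` is hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Assumes GNU stat (as on Amazon Linux). Supplementary groups, ACLs and
# user-namespace remapping are not considered.

# check_bind_mount DIR UID GID
# Returns 0 if a process running as UID:GID can create files in DIR, 1 if not,
# 2 if DIR cannot be inspected. Prints the verdict and any warning.
check_bind_mount() {
    dir=$1 uid=$2 gid=$3
    meta=$(stat -c '%u %g %a' "$dir") || return 2
    owner=${meta%% *}; rest=${meta#* }
    group=${rest% *};  perm=$((0${rest#* }))      # leading 0: read mode as octal

    # Pick the rwx triplet the kernel applies to this UID/GID.
    if   [ "$uid" -eq 0 ];        then bits=7     # root bypasses mode bits
    elif [ "$uid" -eq "$owner" ]; then bits=$(( (perm >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then bits=$(( (perm >> 3) & 7 ))
    else                               bits=$(( perm & 7 ))
    fi

    # "Other" write bit set: the state `chmod -R a+rw` leaves behind. Every
    # local account and any container sharing the mount can alter the data.
    if [ $(( perm & 2 )) -ne 0 ]; then
        echo "WARN $dir is world-writable"
    fi

    # Creating a file needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then
        echo "OK uid $uid can write to $dir"
    else
        echo "DENIED uid $uid cannot write to $dir (owner uid $owner);" \
             "fix: sudo chown -R $uid $dir"
        return 1
    fi
}

# Demo on a constructed directory: mode 755, checked for a non-owner UID/GID,
# which reproduces the drwxr-xr-x case from the question.
demo=$(mktemp -d) && chmod 755 "$demo"
check_bind_mount "$demo" "$(( $(id -u) + 1 ))" "$(( $(stat -c %g "$demo") + 1 ))" || true
rm -rf "$demo"
```

On the host, pass the real mount path and the UID and GID reported by `id -u app` and `id -g app` inside the container.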