Welp, I invested three days into this, I figured I'll ask.
I boiled my problem down to this:
The app I'm dockerizing is nothing special:
    # docker-compose.yml
    services:
      php:
        image: php:8.1.5-fpm-bullseye
        volumes:
          - ./:/var/www
      # this is the end goal: files writable by this image:
      nginx:
        image: "nginx:1.23-alpine"
        ports:
          - "8090:80"
        volumes:
          - .:/var/www
On my host machine the current user has: uid=1000(raveren) gid=1000(raveren)
But the files that end up in the mounted volume belong to root (id=0):
    > docker compose exec php ls -l /var/www
    total 3900
    -rwxrwxr-x 1 root root 21848 Jul 19 11:52 Makefile
    -rwxrwxr-x 1 root root  1153 Jul 18 07:03 README.md
    # etc etc
How am I supposed to make some of the directories (i.e. cache, log, and potentially much more) writable for the www-data user that nginx is running on?
If the files belonged to a non-root user I could do that by either changing the www-data id to match the owner - or do something along the lines of this nice guide.
However, the problem I can't get past is: the containerized files don't "admit" that their owner is actually id=1000 and not root id=0.
I tried:
- All variations of the user directive - in yaml and Dockerfile
- userns_mode: "host" in the yaml.
- When I do docker compose exec chown 1000 testfile the owner on the host machine gets reflected as 100999. That's why I suspected userns because cat /etc/subuid gives raveren:100000:65536
Please advise!
CodePudding user response:
I will answer my own question here, it turns out this was a bug of some software on my freshly installed test machine - most probably Docker. I spent too much time to care, it works everywhere but on this specific rig. <rant> so screw it and actually screw docker. After two years with it - just using for developer setups - I'm under the impression that each machine a dockerized app runs on - needs some special tweaking. </rant>
In several other machines everything works as expected: the user: directive in the yaml correctly assigns the user that the container runs as. The guide linked inside the question can help, or I did a slightly different approach which works as well:
    # docker-compose.yml
    services:
      php:
        build:
          context: ./docker/php
          args:
            DOCKER_UID: ${DOCKER_UID:-1000} # these values must be in ENV, eg .env file
        user: "${DOCKER_UID:-1000}:${DOCKER_GID:-1000}"

    # Dockerfile
    FROM php:8.1.5-fpm-bullseye
    ARG DOCKER_UID
    # lots of stuff here
    # Create a user for provided UID from the host machine
    RUN useradd -u ${DOCKER_UID} -m the-whale
    RUN usermod -G www-data,the-whale,root,adm the-whale
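
An added example, not part of the original question or answer: a small translator for user-namespace UID maps, fed with the uid=1000 and /etc/subuid values quoted in the question. It assumes a rootless-style layout (container UID 0 mapped to the calling host user, container UIDs from 1 upward mapped onto the subuid range), which the page does not confirm; all function names are illustrative.

```python
from typing import List, NamedTuple, Optional

OVERFLOW_UID = 65534  # kernel default shown for UIDs that have no mapping


class Extent(NamedTuple):
    inside: int   # first UID as seen inside the container
    outside: int  # first UID as seen on the host
    count: int    # number of consecutive UIDs covered


def parse_uid_map(text: str) -> List[Extent]:
    """Parse /proc/<pid>/uid_map content: 'inside outside count' per line."""
    extents = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def rootless_map(host_uid: int, subuid_line: str) -> List[Extent]:
    """Assumed rootless layout: container 0 -> caller, 1.. -> subuid range."""
    _name, start, count = subuid_line.strip().split(":")
    return [Extent(0, host_uid, 1), Extent(1, int(start), int(count))]


def to_host(extents: List[Extent], uid: int) -> Optional[int]:
    """Host UID that a container UID resolves to, or None if unmapped."""
    for e in extents:
        if e.inside <= uid < e.inside + e.count:
            return e.outside + (uid - e.inside)
    return None


def to_container(extents: List[Extent], uid: int) -> int:
    """Container-side view of a host UID; unmapped owners show as overflow."""
    for e in extents:
        if e.outside <= uid < e.outside + e.count:
            return e.inside + (uid - e.outside)
    return OVERFLOW_UID


# Constructed from the values quoted in the question (uid=1000, /etc/subuid).
UID_MAP = rootless_map(1000, "raveren:100000:65536")

if __name__ == "__main__":
    print(to_host(UID_MAP, 1000), to_container(UID_MAP, 1000))  # 100999 0
```

Under this assumed mapping, files owned by host UID 1000 appear as root inside the container, and a chown to 1000 inside the container lands on host UID 100999, which matches both observations in the question.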