patterndockerMinor
Can't write to Docker volume
Viewed 0 times
dockercanvolumewrite
Problem
My set-up
Issue
I discovered that my application can't write to Docker volumes.
Debugging
Using
My web server is running under user
Attempted solution
I've tried setting the user under which my container runs to
Question
What is the proper way to fix this issue? I need
- I have a Docker image based on
php:7.4-apache.
- I have two Docker volumes for saving files that need to be persisted.
- On container start, I run Certbot to install HTTPs certificates.
Issue
I discovered that my application can't write to Docker volumes.
Debugging
Using
ls -l I found out that the mountpoints of my volumes are owned by user 1451:drwxr-xr-x 4 1451 users 176128 Mar 12 13:25 volume_mountpointMy web server is running under user
www-data.Attempted solution
I've tried setting the user under which my container runs to
www-data. This caused the volume mountpoints to be owned by www-data, which fixed the permissions issue. The problem with this solution is that Certbot requires root permissions and fails to acquire HTTPs certificate without it.Question
What is the proper way to fix this issue? I need
Certbot to run under root, but let mountpoints to be owned by www-data.Solution
Solution that worked for me in the past: create a new image out of the existing one and let entrypoint script of that new image to modify permissions of your volume_mountpoint.
So in the case of your image (php:7.4-apache) you create entrypoint.sh file, something like
And then your Dockerfile should be something like
This way it should correct the permissions when container starts. Note, that I haven't tested the above, might require some tweaks - but hopefully it shows the idea.
P.s. Maybe somebody has a better way of doing this - I would be very interested myself.
So in the case of your image (php:7.4-apache) you create entrypoint.sh file, something like
chown www-data:www-data -R /path/to/volume_mountpoint
apache2-foregroundAnd then your Dockerfile should be something like
FROM php:7.4-apache
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]This way it should correct the permissions when container starts. Note, that I haven't tested the above, might require some tweaks - but hopefully it shows the idea.
P.s. Maybe somebody has a better way of doing this - I would be very interested myself.
Code Snippets
chown www-data:www-data -R /path/to/volume_mountpoint
apache2-foregroundFROM php:7.4-apache
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]Context
StackExchange DevOps Q#11065, answer score: 1
Revisions (0)
No revisions yet.