Video Tutorial Permissions problem with Docker


In this tutorial we will see how to deal with the permissions problems that many of you encounter when setting up a Docker environment.

The issue

When we work with a Docker environment, we very often mount a directory of our system into the container as a volume. While it runs, the container writes files into this volume, and these files cannot then be deleted easily because we get permission errors.

Indeed, file writes inside the container are done as the root user, so the files also end up with this owner on the host file system. We are then forced to use sudo to delete them.

Solution 1, the --user flag

The first solution is to use the --user flag when running a container, so that the user in the container matches the user on our system. We can use the id command to get the ID of our user and our group dynamically.

# In the case of bash
docker run --rm -v "${PWD}:/app" --user "$(id -u):$(id -g)" php php /app/index.php

On the other hand, you will need to pay attention to how the container behaves, because this can cause permission problems inside the container: your user will not necessarily have the permissions needed to perform certain actions. For example, if you use an apache container you will not be able to use port 80 and you will have to change your configuration (if your kernel version is greater than or equal to 4.11 you can work around this problem with the flag --sysctl net.ipv4.ip_unprivileged_port_start=0).

Solution 2, build the container with the right user

The other solution is to build our container with a user who corresponds to the user of our system. For example, starting from the apache image of PHP, we will use build arguments to pass the IDs of the user and the group.

FROM php:7.2-apache

# IDs of the host user and group, passed with --build-arg
ARG USER_ID
ARG GROUP_ID

# Create a matching group and user, then run as that user instead of root
RUN groupadd -f -g $GROUP_ID user
RUN useradd -u $USER_ID -g $GROUP_ID user
USER user

We will then use these arguments to create the user inside the container and define it as the user to use when running the container.

docker build --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g) -t grafikart:php ./php

Now you don't have to worry about permissions when using this image because the container will use the same user as your system. As with the first solution, some things will probably have to be adjusted to avoid permission problems, but the process will depend on the container to be set up.

With docker-compose

These 2 solutions can be applied simply with docker-compose.

To adopt solution 1, it will be necessary to pass the user in the configuration.

version: '3.1'
services:
    web:
        image: php:7.2-apache
        user: "${USER_ID}:${GROUP_ID}"
        ports:
            - 8000:80
        volumes:
            - .:/var/www/html
        sysctls:
            - net.ipv4.ip_unprivileged_port_start=0

You can use environment variables to make things dynamic.

USER_ID=$(id -u) GROUP_ID=$(id -g) docker-compose up

To adopt solution 2, just pass the information to the build arguments.

version: '3.1'
services:
    web:
        build:
            context: ./php
            args:
                USER_ID: ${USER_ID}
                GROUP_ID: ${GROUP_ID}
        ports:
            - 8000:80
        volumes:
            - .:/var/www/html
        sysctls:
            - net.ipv4.ip_unprivileged_port_start=0

And voila, Docker shouldn't be giving you permission problems anymore.
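
A pre-flight check to run before docker-compose up with the USER_ID and GROUP_ID variables used above, given as an added example that is not part of the original tutorial. The function names preflight and foreign_owned and the return codes are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check that the IDs passed
# to docker-compose are usable and that the directory to mount is clean.

# foreign_owned DIR UID: print every path under DIR not owned by UID.
# find treats a numeric -user argument as a uid when no account has that name.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# preflight DIR: return 0 when DIR can be mounted without ownership clashes.
#   2 = USER_ID or GROUP_ID is missing or not numeric
#   3 = USER_ID is 0, so the container would still write files as root
#   4 = DIR already contains files owned by another uid
preflight() {
    dir=$1
    for v in "${USER_ID:-}" "${GROUP_ID:-}"; do
        case $v in
            ''|*[!0-9]*)
                echo "USER_ID and GROUP_ID must both be numeric" >&2
                return 2 ;;
        esac
    done
    if [ "$USER_ID" -eq 0 ]; then
        echo "USER_ID is 0: files would be created as root" >&2
        return 3
    fi
    leftovers=$(foreign_owned "$dir" "$USER_ID")
    if [ -n "$leftovers" ]; then
        echo "not owned by uid $USER_ID:" >&2
        printf '%s\n' "$leftovers" >&2
        return 4
    fi
    return 0
}
```

For example: export USER_ID=$(id -u) GROUP_ID=$(id -g); preflight . && docker-compose up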