If we use Docker as our development environment, we would use docker
command to generate files.
e.g.
docker run --rm ruby:2.4 bundle exec rails g ...
docker-compose run --rm web composer install
The problem is that the owner and group of files that these commands generate are always root
.
Note: this problem may happen only with Linux's Docker. Mac doesn't. Windows unknown.
Solution 1: Dockerfile
We can set owner and group in Dockerfile
.
The official document says we can do it by USER postgres
, but we can also set group with :
.
# Dockerfile
USER 1000:1000
However, this way specifies owner and group id.
I found more flexisible solutions.
Solution 2: command argument
docker run -u 1000:1000 debian bash
In this way, we can set user and group with shell variables like $UID
.
Or getent group staff | cut -d: -f3
.
Solution 3: specify in docker-compose.yml
I was looking for this.
The principle is the same as solution 2, so the following config works well:
# docker-compose.yml
web:
image: ruby:2.4
user: "${UID}:${GID}"
Then run
UID=${UID} GID=${GID} docker-compose up
Or, export these variables as environment variables, ignoreing bash: UID: readonly variable
export UID=${UID}
export GID=${GID}
docker-compose up
Environment
- Arch Linux
- Docker 1.12.3 linux/amd64
Off topic
My favorite desktop Linux is Arch Linux.
pacman
, the package management system for Arch, always provides the latest version of any package.
With Docker container, any host machine is OK.
Top comments (15)
Or you can also set up user/group remapping by configs of your OS (
/etc/subuid
,/etc/subgid
). See docs.docker.com/engine/security/us... to get more information.It can be more convenient is some cases.
Thanks for the information!
You can also provide a default value, and override it with the environment variable or with a
docker-compose.override.yml
:And then in your Dockerfile:
Thank you for the information!
Any way without export UID?
env UID=${UID} GID=${GID} docker-compose up
would work without export UID, I suppose!Hi, if I do this, on restart (if I have docker always restart) permission is lost on system boot. Hence, this isn't a good way to do it.
Hi Varun,
Oh really? I don't have such experiences, as file permission usually doesn't change on system boot.
Hi
Let us say that you have a docker container which will keep creating files with some logic - in my case it is compressing the images.
I have written a blog for the docker I have added to a tool:
Lossless Image Compressions using Docker
Now what it does is - it reads image - move image to temp folder, compress it, copy back to its original location.
All goes well as I have started it with $UID as mentioned in your post.
However, let us say now the machine is restarted - somehow $UID becomes a root.
If you have observed the same problem? After restart - some images I uploaded are now compressed with the root user and not www-data as originally intended.
Sorry for my slow response.
I didn't investigate the problem deeply, and moving files to /tmp or such directory, and restart the machine.
Actually I recently don't use Docker on Linux with daily development. In production we don't store data to disk so don't care about the permissions.
when i add
php:
build: ./docker/php-fpm
user: "${UID}:${GID}"
i get
WARNING: The UID variable is not set. Defaulting to a blank string.
WARNING: The GID variable is not set. Defaulting to a blank string.
I have seen that warnings. Did you set Docker user though?
Hi, You didn't set UID and GID first. Set those variable by either creating a bash - or set it zshrc file (or alike)
It works !
Thanks buddy, you make my day.