I try to run wordpress in a docker container my docker-compose.yaml file is:
version: "2"
services:
my-wpdb:
image: mariadb
ports:
- "8081:3306"
environment:
MYSQL_ROOT_PASSWORD: ChangeMeIfYouWant
my-wp:
image: wordpress
volumes:
- ./:/var/www/html
ports:
- "8080:80"
links:
- my-wpdb:mysql
environment:
WORDPRESS_DB_PASSWORD: ChangeMeIfYouWant
When i build the docker structure the volume is mounted but belongs to root.
I tried to change that with:
my-wp:
image: wordpress
user: 1000:1000 # added
volumes:
- ./:/var/www/html
ports:
- "8080:80"
links:
- my-wpdb:mysql
environment:
WORDPRESS_DB_PASSWORD: ChangeMeIfYouWant
Now I can edit files. But then the container doesn't serve the website anymore.
What is the right way to solve this permission issue?
According to the docker-compose and docker run reference, the user option sets the user id (and group id) of the process running in the container. If you set this to 1000:1000, your webserver is not able to bind to port 80 any more. Binding to a port below 1024 requires root permissions. This means you should remove the added user: 1000:1000 statement again.
To solve the permission issue with the shared volume, you need to change the ownership of the directory. Run chown 1000:1000 /path/to/volume. This can be executed inside the container or directly on the host system. The change is persistent and effective immediately (no container restarted required).
In general, I think the volume should be in a sub-directory, e.g.
volumes:
- ./public:/var/www/html
Make sure that the correct user owns ./public. If you start the container and the directory does not exist, docker creates it for you. In this case, the directory is owned by root and you need to change ownership manually as explained above.
Alternatively, you can run the webserver as an unprivileged user (user: 1000:1000), let the server listen on port 8080 and change the routing to
ports:
- "8080:8080"
answered in same question
use root user in your docker-compose to get full permission
EX:-
node-app:
container_name: node-app
image: node
user: root
volumes:
- ./:/home/node/app
- ./node_modules:/home/node/app/node_modules
- ./.env.docker:/home/node/app/.env
NOTE:- user: root => gives you a full permission of your volumne
I was using Google Cloud shell and found that the following command enabled the correct permissions for me to use FTP file access with the WordPress docker container:
sudo chmod 644 -R wordpress-docker-compose
Related
I have docker installed on linux on remote server. I use ssh to connect to docker from my host machine with Windows 10. To deploy my app to docker, I use docker-compose v3, but I have serious problem. When I try to mount volume with file from my host machine, file converts to directory in my container.
Here's my docker-compose.yml:
version: "3.8"
services:
zeebe:
container_name: zeebe
image: camunda/zeebe
environment:
- ZEEBE_LOG_LEVEL=debug
ports:
- "26500:26500"
- "9600:9600"
- "5701:5701"
volumes:
- zeebe_data:/usr/local/zeebe/data
- type: bind
source: ./ZeebeServer/lib/application.yml
target: /usr/local/zeebe/config/application.yaml
read_only: true
depends_on:
- elasticsearch
networks:
- backend
operate:
container_name: operate
image: camunda/operate
ports:
- "8080:8080"
depends_on:
- zeebe
- elasticsearch
volumes:
- operate_data:/usr/local/operate
- type: bind
source: C:/Users/Aset/IdeaProjects/ABC-Store/ZeebeServer/operate/application.yml
target: /usr/local/operate/config/application.yml
read_only: true
networks:
- backend
elasticsearch:
container_name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.7.1
ports:
- "9200:9200"
environment:
- discovery.type=single-node
- cluster.name=elasticsearch
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
volumes:
- zeebe_elasticsearch_data:/usr/share/elasticsearch/data
networks:
- backend
And this is my error after command docker-compose -d up:
ERROR: for zeebe Cannot start service zeebe: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/c/Users/User/IdeaProjects/ABC-Store/ZeebeServer/lib/application.yml\\\" to rootfs \\\"/var/lib/docker/overlay2/fec3c1f3ad8748e2bf3aa5fdf30558434c2474ecac8b7fdbad2fdbb27df24415/merged\\\" at \\\"/var/lib/docker/overlay2/fec3c1f3ad8748e2bf3aa5fdf30558434c2474ecac8b7fdbad2fdbb27df24415/merged/usr/local/zeebe/config/application.yaml\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
I understand that you are trying to mount a local folder from your Windows host (C:/Users/Aset/IdeaProjects/...) into a docker container.
But this is not possible (that easily) since docker can only mount folders local to the docker host i.e. your remote server you're connecting to via ssh.
So in order to mount the folder of your local Windows host into the container you'd first have to mount that folder somehow on the docker host/remote server (e.g. with a Samba share) or copy the contents of that folder to the remote server and edit your volume source to the path of the folder on the docker host.
P.S. in case you're wondering why this doesn't work but docker build with files from your Windows host does: docker build uploads the build context i.e. the current directory, to the docker host making its content available on the server.
I run flink as docker container from docker-compose file. Here is a part of it:
jobmanager:
image: flink:1.7.2-scala_2.11-alpine
restart: always
volumes:
- type: bind
source: ./app-folders/data__unzip
target: /data_unzip
expose:
- "6123"
ports:
- "8081:8081"
command: jobmanager
environment:
- JOB_MANAGER_RPC_ADDRESS=jobmanager
networks:
- dwh-network
When i try to add in my compose file
user : root
It doesn't work, and when flink starts i see in logs:
- OS current user: flink
So, I see it somehow integrated, mb when it was builded...but is there a way to change it on 'root'?
I found an answer - you need to replace docker-entrypoint.sh with your own file by adding volume from your host-machine and correct lines in it from "gosu flink... / su-exec flink..." to "gosu root .../ su-exec root..."
Running Consul with docker desktop using windows containers and experimental mode turned on works well. However if I try mounting bitnami consul's datafile to a local volume mount I get the following error:
chown: cannot access '/bitnami/consul'
My compose file looks like this:
version: "3.7"
services:
consul:
image: bitnami/consul:latest
volumes:
- ${USERPROFILE}\DockerVolumes\consul:/bitnami
ports:
- '8300:8300'
- '8301:8301'
- '8301:8301/udp'
- '8500:8500'
- '8600:8600'
- '8600:8600/udp'
networks:
nat:
aliases:
- consul
If I remove the volumes part, everything works just fine, but I cannot persist my data. If followed instructions in the readme file. The speak of having the proper permissions, but I do not know how to get that to work using docker desktop.
Side note
If I do not mount /bitnami but /bitnami/consul, I get the following error:
2020-03-30T14:59:00.327Z [ERROR] agent: Error starting agent: error="Failed to start Consul server: Failed to start Raft: invalid argument"
Another option is to edit the docker-compose.yaml to deploy the consul container as root by adding the user: root directive:
version: "3.7"
services:
consul:
image: bitnami/consul:latest
user: root
volumes:
- ${USERPROFILE}\DockerVolumes\consul:/bitnami
ports:
- '8300:8300'
- '8301:8301'
- '8301:8301/udp'
- '8500:8500'
- '8600:8600'
- '8600:8600/udp'
networks:
nat:
aliases:
- consul
Without user: root the container is executed as non-root (user 1001):
▶ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c590d7df611 bitnami/consul:1 "/opt/bitnami/script…" 4 seconds ago Up 3 seconds 0.0.0.0:8300-8301->8300-8301/tcp, 0.0.0.0:8500->8500/tcp, 0.0.0.0:8301->8301/udp, 0.0.0.0:8600->8600/tcp, 0.0.0.0:8600->8600/udp bitnami-docker-consul_consul_1
▶ dcexec 0c590d7df611
I have no name!#0c590d7df611:/$ whoami
whoami: cannot find name for user ID 1001
But adding this line the container is executed as root:
▶ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac206b56f57b bitnami/consul:1 "/opt/bitnami/script…" 5 seconds ago Up 4 seconds 0.0.0.0:8300-8301->8300-8301/tcp, 0.0.0.0:8500->8500/tcp, 0.0.0.0:8301->8301/udp, 0.0.0.0:8600->8600/tcp, 0.0.0.0:8600->8600/udp bitnami-docker-consul_consul_1
▶ dcexec ac206b56f57b
root#ac206b56f57b:/# whoami
root
If the container is executed as root there shouldn't be any issue with the permissions in the host volume.
Consul container is a non-root container, in those cases, the non-root user should be able to write in the volume.
Using host directories as a volume you need to ensure that the directory you are mounting into the container has the proper permissions, in that case, writable permission for others. You can modify the permission by running sudo chmod o+x ${USERPROFILE}\DockerVolumes\consul (or the correct path to the host directory).
This local folder is created the first time you run docker-compose up or you can create it by yourself with mkdir. Once created (manually or automatically) you should give the proper permissions with chmod.
I am not familiar with Docker desktop nor Windows environments, but you should be able to do the equivalent actions using a CLI.
I have a simple NodeJs app with MongoDB using Docker(docker-compose). Everything works just fine, but Mongo's mounted volume is created under ownership of user 999.
Docker is executed under the permission of a non-root user.
Here is the mounted volume permissions info:
drwxr-sr-x 4 999 www-data 4,0K Aug 5 21:56 mongo-data
Here is my docker-compose.yml file:
version: "3.3"
services:
api:
.....
mongodb:
image: mongo:latest
container_name: "mongodb"
environment:
- MONGO_DATA_DIR=/data/db
- MONGO_LOG_DIR=/dev/null
volumes:
- ./mongo-data:/data/db
ports:
- 27017:27017
command: mongod --smallfiles --logpath=/dev/null
volumes:
mongo-data:
Next time when executing: docker-compose up -d --build will throw this error:
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
If the ownership of the mounted volume is changed, everything is back to normal until next time.
I mention that I previously used this kind of configuration with MySQL and Redis, but I never encountered this issue.
Any ideas on how to fix it?
Thank you!
This also creates issues in managing those files on the host, such as backing up those files as a non-privileged user, which might be something one wants on a developer PC.
Here's the actual solution!
You can:
docker run --user some-other-user-id:some-group-id
or, in docker-compose, here's a minimal example:
version: '3.5'
services:
mongo:
image: mongo:latest
user: '1000:1000'
volumes:
- ./data:/data/db
After running this, looking at the data directory, it contains only user/group of 1000. Of course, set this to whatever you find appropriate.
I found that it was necessary to create the directory first under the user that is specified. The docker-compose runs as root, if I'm not mistaken, and the directory gets owned by root and that creates mayhem.
So,
mkdir data
docker-compose up
Enjoy!
On Ubuntu based images, 999 will be the first possible system assigned UID for unknown users, with further IDs counting down.
What this could mean is that the directory you are mounting might be a network path or might be copied from another machine, both leading to the user being unknown on your machine, leading to a system assigned UID.
Note that you can use the ADD --chown X:Y Syntax to add files under a user with a defined user ID.
Building off of the previous answer, to avoid issues like this in the future, you could consider using managed volumes rather than a specific directory in your filesystem. Keeps all those weird files out of sight, and avoids odd permissions issues like this. Here's my Docker Compose setup for Mongo:
https://github.com/alexmacarthur/local-docker-db/blob/master/mongo/docker-compose.yml#L6
I installed docker-machine on my Mac and when I install laravel on a container who runs Apache, I'm not able to change the groups on the files to put them on www-data.
When I try:
/bin/chown www-data:www-data -R /var/www/laravel/storage /var/www/laravel/bootstrap/cache
I have this error message:
chown: unknown user/group www-data:www-data
I try to add user to www-data group and restart docker-machine, but this does not work.
My setup is this: I have a virtualbox mapping with my Mac. The file /var/www is mapping for my /Document/site. I use the images on Docker Hub. The file image is mysql and is mapping with the port 3306 and I save my db to /var/lib/boot2docker/mysql. The second image is apache and I map the port 8888:80. My Dockerfile contains nothing, but my docker-compose.yml has:
web:
image: eboraas/apache
ports:
- "8888:80"
volumes:
- /var/www/laravel-site:/var/www/html
links:
- db:db
db:
image: mysql
ports:
- "3306:3306"
volumes:
- /var/lib/boot2docker/mysql:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=root
I load laravel with compose to my Mac.
to do what you want to do you have to do a docker-dial and run your script locally
put this in your docker-composer
web:
image: eboraas/apache
ports:
- "8888:80"
volumes:
- /var/www/laravel-site:/var/www/html
links:
- db:db
db:
image: mysql
ports:
- "3306:3306"
volumes:
- /var/lib/boot2docker/mysql:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=root
docker will create container for you in your local machine et after create a map with docker.sock