{"id":16770217,"url":"https://github.com/ypereirareis/docker-permissions","last_synced_at":"2025-04-10T19:43:43.893Z","repository":{"id":79249135,"uuid":"124263570","full_name":"ypereirareis/docker-permissions","owner":"ypereirareis","description":"A way to deal with docker volumes and users permissions. Read/write/exe in shared folder from inside the container.","archived":false,"fork":false,"pushed_at":"2018-03-22T08:10:43.000Z","size":40,"stargazers_count":25,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T17:21:31.237Z","etag":null,"topics":["chmod","chown","docker","gid","permissions","uid","volumes"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ypereirareis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-07T16:28:50.000Z","updated_at":"2024-12-20T08:13:00.000Z","dependencies_parsed_at":"2023-05-29T10:45:37.374Z","dependency_job_id":null,"html_url":"https://github.com/ypereirareis/docker-permissions","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ypereirareis%2Fdocker-permissions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ypereirareis%2Fdocker-permissions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ypereirareis%2Fdocker-permissions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/ypereirareis%2Fdocker-permissions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ypereirareis","download_url":"https://codeload.github.com/ypereirareis/docker-permissions/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248281424,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chmod","chown","docker","gid","permissions","uid","volumes"],"created_at":"2024-10-13T06:23:18.989Z","updated_at":"2025-04-10T19:43:43.882Z","avatar_url":"https://github.com/ypereirareis.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker volumes and permissions\n\n[![Build Status](https://travis-ci.org/ypereirareis/docker-permissions.svg?branch=master)](https://travis-ci.org/ypereirareis/docker-permissions)\n\nThis repository shows you a way to deal with read/write/exec permissions\nand how to define user and group ids using volumes from the host, when running containers.\n\nIndeed, the user's uid and gid are often different in the container and on the host system.\nIt is also possible to use the same docker configuration on different hosts (local, test, staging, ...)\nwith possibly different users from a uid/gid point of view.\n\nSo if you want to use volumes, you need to understand how to configure the permissions of the project/folder\nmapped into your containers.\n\n:whale: **A second way of doing things is available at:** 
[ypereirareis/docker-permissions-reborn](https://github.com/ypereirareis/docker-permissions-reborn)\n\n## Docker images\n\nFor this demo project we are relying on two simple docker alpine images:\n\n* [Nginx (nginx:1.13.9-alpine)](https://hub.docker.com/_/nginx/)\n* [PHP-FPM (php:7.2.3-fpm-alpine3.7)](https://hub.docker.com/_/php/)\n\nWe use the nginx image directly, simply overriding the configuration file with our own\nto be able to use PHP-FPM running in the `php` container.\n\n```bash\nlocation ~ ^/index\\.php(/|$) {\n    fastcgi_pass php:9000;\n    ...\n    internal;\n}\n```\n\nFor the PHP-FPM image we are building our own from the `php:7.2.3-fpm-alpine3.7` because we need to\nadd a custom entry point to deal with permissions.\n\n## The problem\n\nWe have a problem if we use a volume to share our code from host to container.\n\n* The user running `php-fpm` in the container is `www-data` with `uid=100` and `gid=101`.\n* Our host user often has `uid=1000` and `gid=1000` but not always.\n* The `nginx` user will not be able to read/write/exec files from the volume if permissions are not defined properly.\n\nI do not recommend changing permissions with `chmod` directly.\nThe way I recommend is to change the owner of the shared directory to map uid and gid of the container user\nto the host user.\n\n## The Dockerfile and entry point to change uid/gid\n\nThe interesting part of the Dockerfile is this one:\n\n```bash\nARG PROJECT_DIR_ARG='/usr/share/nginx/html'\nENV PROJECT_DIR=$PROJECT_DIR_ARG\n\nRUN mkdir -p $PROJECT_DIR\nCOPY ./project $PROJECT_DIR\nRUN chown -R www-data:www-data $PROJECT_DIR\n```\n\n* In the entry point we are checking if uid and gid of the container user `nginx` must be changed.\n\n```bash\n# --\nPHP_UID_DEFAULT=$(id -u www-data)\n\n# Here we check if GID and UID are already defined properly or not\n# i.e. do we have a volume mounted with a different uid/gid?\nif [[ -z \"$(ls -n $PROJECT_DIR | grep $PHP_UID_DEFAULT)\" ]]; then\n\n  
  : ${PHP_UID:=$(id -u www-data)}\n    : ${PHP_GID:=$(id -g www-data)}\n\n    export PHP_UID\n    export PHP_GID\n\n    if [ \"$PHP_UID\" != \"0\" ] \u0026\u0026 [ \"$PHP_UID\" != \"$(id -u www-data)\" ]; then\n      echo \"Need to change UID and GID.\"\n      usermod  -u $PHP_UID www-data\n      groupmod -g $PHP_GID www-data\n      chown -R www-data:www-data $PROJECT_DIR\n      echo \"UID and GID changed to $PHP_UID and $PHP_GID.\"\n    fi\nelse\n    echo \"UID and GUI are OK !\"\nfi\n```\n\n* The possible new values come from environment variables.\n\n```yaml\nphp:\n    build:\n      context: .\n    environment:\n      - PHP_UID=${PHPUID}\n      - PHP_GID=${PHPGID}\n```\n\n* We can define per-host custom UID/GID environment variables with a `.env` file.\n\n```bash\nPHPUID=1000\nPHPGID=1000\n```\n\n# Run the demo\n\n```bash\n$ git clone git@github.com:ypereirareis/docker-permissions.git \u0026\u0026 cd docker-permissions\n```\n\n* Copy `.env.dist` to `.env` and set your uid and gid values.\n* Comment/uncomment the volume in `docker-compose.yml`\n\n```yaml\nservices:\n  php:\n    volumes:\n      - ./project:/usr/share/nginx/html\n```\n\n```bash\n$ docker-compose build\n\n```\n\n```bash\n$ docker-compose up\nStarting ypr-permissions-php ... \nStarting ypr-permissions-php ... done\nRecreating ypr-permissions-nginx ... \nRecreating ypr-permissions-nginx ... 
done\nAttaching to ypr-permissions-php, ypr-permissions-nginx\nypr-permissions-php | UID and GUI are OK !\nypr-permissions-php | [07-Mar-2018 16:35:37] NOTICE: fpm is running, pid 1\nypr-permissions-php | [07-Mar-2018 16:35:37] NOTICE: ready to handle connections\n```\n\nGo to [http://127.0.0.1:8888/](http://127.0.0.1:8888/)\n\nIf everything is ok, you should see:\n\n![OK result](./img/ok.png)\n\n# Tests\n\n```bash\nchmod +x tests.sh \u0026\u0026 ./tests.sh\n```\n\n# LICENSE\n\nMIT License\n\nCopyright (c) 2018 Yannick Pereira-Reis\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fypereirareis%2Fdocker-permissions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fypereirareis%2Fdocker-permissions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fypereirareis%2Fdocker-permissions/lists"}