Solution to the Docker container not having permission to write to the host directory

When applying docker containers, we often mount the host directory into the docker container.

When the folder permissions of the host machine belong to the root, we need to set the folder permissions user to chown to ensure the normal writing of the directory contents.

Here is an example:

The docker version of jenkins is used. After running, the following error occurs:

[root@localhost CICD]# docker logs -f jenkins 
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

The directory where my jenkins is mounted is /opt/jenkins/xxxxx, created by the root user, and the uid of the jenkins user is 1000

So you need to chown the settings as follows:

sudo chown -R 1000:1000 /opt/jenkins

Then restart the container and the error will go away.

Supplement: Introduce two ways to handle file permissions when writing volumes from Docker containers

Say it in advance

Containers are often used as a replacement for native installation tools. It is much better to use containers with the required versions on the host than to use outdated tools. However, any time the container interacts with the host system, files are left with incorrect or corrupt permissions.

Fortunately, the solution to this problem does not require the use of scripts.

Problem Description

When a container mounts a local directory and writes files to it, its ownership is determined by the user inside the container:

nicholas@host:~/source$ mkdir source
nicholas@host:~/source$ docker run -it --rm --volume $(pwd):/source --workdir /source ubuntu
root@a031d11c9515:/source# mkdir subdir
root@a031d11c9515:/source# touch subdir/newfile
root@a031d11c9515:/source# exit
exit
nicholas@host:~/source$ ls -lR
.:
total 4
drwxr-xr-x 2 root root 4096 Jul 16 19:35 subdir
 
./subdir:
total 0
-rw-r--r-- 1 root root 0 Jul 16 19:35 newfile
nicholas@host:~/source$ rm -rf subdir/
rm: cannot remove 'subdir/newfile': Permission denied

Additionally, you may not be able to delete these directories and files that have incorrect ownership.

Solution 1: Remove from container

A very common solution is to change the ownership of files and directories from inside the container:

nicholas@host:~/source$ docker run -it --rm --volume $(pwd):/source --workdir /source ubuntu
root@d1c3bee8bb2b:/source# ls -al
total 12
drwxrwxr-x 3 1000 1004 4096 Jul 16 19:35 .
drwxr-xr-x 1 root root 4096 Jul 16 19:39 ..
drwxr-xr-x 2 root root 4096 Jul 16 19:35 subdir
root@d1c3bee8bb2b:/source# chown 1000:1000 subdir/ -R
root@d1c3bee8bb2b:/source# ls -l
total 4
drwxr-xr-x 2 1000 1000 4096 Jul 16 19:35 subdir
root@d1c3bee8bb2b:/source# exit
exit
nicholas@host:~/source$ ls -l
total 4
drwxr-xr-x 2 nicholas lpadmin 4096 Jul 16 19:35 subdir
nicholas@host:~/source$

The downside to this approach is that it requires additional logic, and that you need to know the user and group IDs of the user running the container.

Solution 2: Create a file with the correct ownership

The second solution is cleaner and will create the files and directories with the correct ownership inside the container. Docker provides a parameter to set the user ID and group ID of the user in the container:

nicholas@host:~/source$ docker run -it --rm --volume $(pwd):/source --workdir /source --user $(id -u):$(id -g) ubuntu
groups: cannot find name for group ID 1004
I have no name!@bf7f355f3b65:/source$ touch newfile
I have no name!@bf7f355f3b65:/source$ exit
exit
nicholas@host:~/source$ ls -l
total 4
-rw-r--r-- 1 nicholas nicholas 0 Jul 16 19:42 newfile
drwxr-xr-x 2 nicholas lpadmin 4096 Jul 16 19:35 subdir
nicholas@host:~/source$

This method can help you solve user ID and group ID errors.

Please note that for security purposes, running as root inside a container is the worst practice. Dockerfiles should always use the USER directive to avoid using root privileges directly.

The above is my personal experience. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM. If there are any mistakes or incomplete considerations, please feel free to correct me.