How can I set container permissions for volumes to non-root on native_osx?

EugenMayer / docker-sync

Run your application at full speed while syncing your code for development, finally empowering you to utilize docker for development under OSX/Windows/*Linux

GNU General Public License v3.0

3.53k stars 289 forks source link

How can I set container permissions for volumes to non-root on native_osx? #434

Closed hammady closed 7 years ago

hammady commented 7 years ago

Question

For the source code mount below, all files are mounted as root. My container runs as www-data as it is more secure and I have scripts that can't run using root. As a result, commands like bundle install can't write the Gemfile.lock and assets can't store the cache in tmp/cache. I noticed there is an option called sync_userid but it is not effective. Maybe it works only with rsync? How can I specify the user id mapping for the mounted volumes?

Docker Driver

d4m

Sync strategy

default. I think it uses native_osx but I also get unison messages in the logs!

your docker-sync.yml

version: "2"
syncs:
  rayyan-web-sync:
    src: './rayyan'
    sync_host_ip: 'localhost'
    sync_host_port: 10872
    sync_userid: '33'

OS

macOS Sierra: 10.12.5

EugenMayer commented 7 years ago

Please read the docs, seriously. https://github.com/EugenMayer/docker-sync/wiki/2.-Configuration

 # this does not user groupmap but rather configures the server to map
    # optional: usually if you map users you want to set the user id of your application container here
    sync_userid: '5000'

hammady commented 7 years ago

@EugenMayer thanks for your comment. If you look again at my docker-sync.yml file you will see that I have already read the documentation and set the sync_userid. What I have discovered is that this setting along with sync_excludes won't work by just restarting the sync container, you must remove and recreate it again. This is at least what happened to me. Thanks again for your awesome work.

EugenMayer commented 7 years ago

@hammady i see - you are not allowed to change anything in the docker-sync.yml without removing the old container ( clean ) - or you risk your settings being not applied, since the container is reused ( which should be in your logs ) - i get that this is not super obvious though, on the other side, we cannot really check easily if you changed the config since you "created" the container last time ( hash sum saving somewhere and so on ) - a lot of effort for a rare case in the daily business, but something starters will run into, i imaging.

Thanks for clarifying and sorry for not looking any better

hammady commented 7 years ago

I would suggest that you clarify this point of recreating the container in the configuration page. Yes, it is a rare case for everyday business, but for starters like me who change the docker-sync.yml frequently to experiment with the options, it's common to slip into this. Thanks.

EugenMayer commented 7 years ago

good point did so, right on the top :) Feel free to be bold in the wiki, improvements are very welcome, the developers of a tool are most commonly the worse people to write down to the earth docs, even though i tried hard

ArtDepartmentMJ commented 7 years ago

I was just a victim of this but no bother... Thanks for docker-sync, it makes a huge difference!