Running docker-osx-dev changes file owner on my host

[glifchits]

Appreciate the great work done on this script!

I'm getting this weird issue where the files that get mounted to my Docker dev containers have all their permissions changed.

Initial state:

$ ls -la
total 12K
drwxr-xr-x  5 glifchits staff 170 Nov  2 14:12 .
drwxr-xr-x 24 glifchits staff 816 Nov  2 14:10 ..
-rw-r--r--  1 glifchits staff 142 Nov  2 14:48 UploadDataPage.jsx
-rw-r--r--  1 glifchits staff 270 Nov  2 14:46 uploadDucks.js
-rw-r--r--  1 glifchits staff 386 Nov  2 14:12 uploadRoutes.js

In another terminal tab I run docker-osx-dev, then I run docker-compose up

And afterwards I get:

$ ls -la
total 12K
drwxr-xr-x  5 1000 authedusers 170 Nov  2 14:12 .
drwxr-xr-x 24 1000 authedusers 816 Nov  2 14:10 ..
-rw-r--r--  1 1000 authedusers 142 Nov  2 14:48 UploadDataPage.jsx
-rw-r--r--  1 1000 authedusers 270 Nov  2 14:46 uploadDucks.js
-rw-r--r--  1 1000 authedusers 386 Nov  2 14:12 uploadRoutes.js

After the permissions were changed, whenever I make edits to the files in a text editor I am prompted for my sudo password. I'm using dinghy.

Any idea what's going on here?

[brikis98]

This may not be a docker-osx-dev issue, but a general docker issue. See:

• https://denibertovic.com/posts/handling-permissions-with-docker-volumes/
• https://github.com/docker/docker/issues/2259

[glifchits]

Thanks @brikis98, I looked into those resources. However I'm skeptical that the problem is a general Docker issue. The files are chown'd only after I run the docker-osx-dev script. If I don't use the script and run docker-compose up, the file owner never changes.

Ultimately I'm not sure what I should do to fix my Docker setup, since I believe it relies on some subtle behaviour in the docker-osx-dev script. Could you please elaborate a bit?

[brikis98]

docker-osx-dev uses rsync to copy the files to the VM. Docker itself then mounts the files from the VM into your Docker containers.

If you ssh to the VM and check the file permissions, what do you see?

[glifchits]

docker@dinghy:/Users/glifchits/src$ ls -la
total 40
drwxr-xr-x   12 501      20             408 Nov  3 14:55 ./
drwxr-xr-x   24 501      20             816 Nov  2 18:10 ../
-rw-r--r--    1 501      20             581 Nov  3 14:33 UploadDataPage.jsx
-rw-r--r--    1 501      20             937 Nov  3 14:16 uploadDucks.js
-rw-r--r--    1 501      20            2352 Nov  3 15:44 uploadRoutes.js

On my host Mac:

$ gid glifchits
uid=501(glifchits) gid=20(staff) groups=20(staff) ...

[brikis98]

It looks like the files were rsynced with the same UIDs, right? If so, then when you mount them into a Docker container (e.g. via -v parameter or volumes param in docker-compose), AFAIK, docker-osx-dev is no longer involved. That's just purely Docker.

[glifchits]

The UIDs on the files in the dinghy VM are my host UIDs. But the UIDs on the files in my host after I run docker-osx-dev are the UIDs of the docker user in my dinghy VM. Is that expected?

I understand that the issue's solution could be outside of the scope of docker-osx-dev, but I still think it's at least worth a note in the README. When I first saw docker-osx-dev, I thought it was a kind of plug-and-play solution.

[brikis98]

The UIDs on the files in the dinghy VM are my host UIDs. But the UIDs on the files in my host after I run docker-osx-dev are the UIDs of the docker user in my dinghy VM. Is that expected?

Perhaps I've misunderstood the problem. Are you saying docker-osx-dev is changing the permissions of files inside a Docker container or on your host OS (i.e. OS X)?

[glifchits]

Changing permissions of files on my host. Sorry for any confusion, I'll try to be as explicit as I can here. I've also learned a bit more detail, so I'll lay it all down here.

This is the initial state on my Mac (host):

$ l
total 28K
drwxr-xr-x 13 glifchits staff  442 Nov  3 11:56 .
drwxr-xr-x  3 glifchits staff  102 Oct 25 17:05 ..
drwxr-xr-x 14 glifchits staff  476 Nov  3 13:59 .git
drwxr-xr-x 17 glifchits staff  578 Nov  2 09:35 backend
drwxr-xr-x 22 glifchits staff  748 Nov  2 15:55 frontend
...

After I run docker-osx-dev, this is the state on my Mac (host) even before I start docker-compose:

$ l
total 28K
drwxr-xr-x 13      1000 staff        442 Nov  3 11:56 .
drwxr-xr-x  3 glifchits staff        102 Oct 25 17:05 ..
drwxr-xr-x 14      1000 staff        476 Nov  3 13:59 .git
drwxr-xr-x 17      1000 authedusers  578 Nov  2 09:35 backend
drwxr-xr-x 22      1000 authedusers  748 Nov  2 15:55 frontend
...

(Note: backend and frontend are mounted as volumes)

Confirm that the new UID and GID are straight from my Dinghy VM:

docker@dinghy:~$ id
uid=1000(docker) gid=50(staff) groups=50(staff),100(docker)

And to compare, this is on my Mac (host):

$ gid glifchits
uid=501(glifchits) gid=20(staff) groups=20(staff), ...

$ getent group 50
authedusers:*:50:

So you can see here that after I run docker-osx-dev, two things happen on my host:

1. All the synced files get the User ID of the docker user from the Docker VM
2. All files in a mounted volume that are synced also get the Group ID from the Docker VM

[brikis98]

Ah, OK, now I'm following. Thanks for the clear explanation :)

As far as I know, docker-osx-dev should not change anything on the host OS. It uses tar and rsync, neither of which should change the source. It's inherently all one-way sync, so it can change files on your VM and in your Docker containers, but not on the host.

Could it be because you're using dinghy? I've never tested the two together, and AFAIK, dinghy uses NFS, and NFS does a two way sync.

[glifchits]

Nice catch @brikis98, I think you're right. I'll send this issue over to the Dinghy team to see if there's any way around this problem. Cheers! 🍻

[brikis98]

Ah, got it, thanks for closing the loop. If you use docker-osx-dev with the normal Docker VM (ie whatever Docker Machien uses), you shouldn't hit the permissions problems. I'm going to close this issue now.