Files and folders are created in the host machine but is owned by root user

[leolandotan]

Hi guys!

Issue

I'm not sure if this is weird but I have my web/php service with Drush installed using:

RUN php -r "readfile('https://s3.amazonaws.com/files.drush.org/drush.phar');" > drush \
    && php drush core-status \
    && chmod +x drush \
    && mv drush /usr/local/bin

When I run docker exec -i myproject_web_1 drush dl flag the owner is not set to me but to the root user unlike the other existing modules like so:

drwxr-xr-x  26 leotan  staff   884B May 31 09:03 file_entity
drwxr-xr-x  20 root    staff   680B Sep 23  2016 flag
drwxr-xr-x   9 leotan  staff   306B May 31 09:03 google_tag

Is this normal?

Configuration details

Docker for Mac's Preferences -> File Sharing

d4m-nfs/etc/d4m-nfs-mounts.txt

/Users/leotan:/Users/leotan:0:0

/tmp/d4m-mount-nfs.sh

ln -nsf /tmp/d4m-apk-cache /etc/apk/cache
apk update
apk add nfs-utils sntpc
rpcbind -s > /dev/null 2>&1

DEFGW=$(ip route|awk '/default/{print $3}')
FSTAB="\n\n# d4m-nfs mounts\n"

if true && ! $(grep ':/mnt' /tmp/d4m-nfs-mounts.txt > /dev/null 2>&1); then
  mkdir -p /mnt

  FSTAB="${FSTAB}${DEFGW}:/Users/leotan /mnt nfs nolock,local_lock=all 0 0"
fi

if [ -e /tmp/d4m-nfs-mounts.txt ]; then
  while read MOUNT; do
    DSTDIR=$(echo "$MOUNT" | cut -d: -f2)
    mkdir -p ${DSTDIR}
    FSTAB="${FSTAB}\n${DEFGW}:$(echo "$MOUNT" | cut -d: -f1) ${DSTDIR} nfs nolock,local_lock=all 0 0"
  done < /tmp/d4m-nfs-mounts.txt
fi

if ! $(grep "d4m-nfs mounts" /etc/fstab > /dev/null 2>&1); then
    echo adding d4m nfs config to /etc/fstab:
    echo -e $FSTAB | tee /etc/fstab
else
    echo d4m nfs mounts already exist in /etc/fstab
fi

sntpc -i 10 ${DEFGW} &

sleep .5
mount -a
touch /tmp/d4m-done

/tmp/d4m-nfs-mounts.txt

/Users/leotan:/Users/leotan:0:0

/etc/exports

# d4m-nfs exports

"/Users/leotan" -alldirs -mapall=0:0 localhost

[if-kyle]

I am assuming the existing modules were part of the codebase and installed without going through docker.

This is not really a d4m-nfs but rather a standard docker methodology to understand. The docker engine (mac in this case) and the docker container (php) have different user IDs (UIDs) for the users between the 2 systems. Sometimes you may even see in the engine or the container, a file/directory that has no named owner/group, but rather just an integer. This means that on the opposite side, that no UID matched a user. /etc/group will show what the engine or container believes a UID to map to a user.

In the php container, check to see what the ownership looks like. Something like "docker exec -it php /bin/sh" and then navigate to that directory and see how it looks from "inside", as this is where the permission really matters for php to properly run and read the file.

This is not really an issue as long as you can edit the file on the mac, and php can properly interact with the file in the container. If either side cannot, an option is to add a user to the container that matches the engine user. As an example, we add a php user, 1970 to the php engine, and a 1970 user to nginx container, and then on the host linux system we add a 1970 user called fulcrum (our product name) so we have a "proper" display name across all the systems that has correct permissions on the directories and files.

Check out this link for some more info: https://stackoverflow.com/questions/23544282/what-is-the-best-way-to-manage-permissions-for-docker-shared-volumes

[leolandotan]

Hi @if-kyle ,

Thank you very much for your detailed explanation and patience for doing so. :) I was asking this because my colleague only had the vanilla Docker installation and when he used my Docker Compose setup, his dockermysql folder user was the same as the host user. So I think this an NFS and the default docker file sharing method(osfx or something) right?

[if-kyle]

Yes, that does sound correct.