Closed nclavaud closed 7 years ago
Yeah, it's expected behaviour, as it allows the web server to write to the directory if you're uploading files or plugins, like WordPress etc.
I could add a flag to stop change of ownership if you think it would be useful.
Ric
Wouldn't it be better to use best practices with GID and UID mapping? I.e. create the user and group with the specified IDs, if the IDs are defined in environment vars.
sample implementation: https://github.com/sameersbn/docker-gitlab#host-uid--gid-mapping https://github.com/sameersbn/docker-gitlab/search?utf8=%E2%9C%93&q=USERMAP_GID
in the case of your image, the easiest would be something like:
ENV USERMAP_UID=101
ENV USERMAP_GID=100
addgroup --gid $USERMAP_GID nginx && \
useradd -g $USERMAP_GID -u $USERMAP_UID nginx && \
But the more complete example is here, nice way of handling it, although, handling it from Dockerfile seems more than sufficient: https://github.com/27Bslash6/docker/blob/master/nginx-pagespeed/bin/add_user.sh
And it's still beneficial to have the ability to bypass the ownership change, i.e. WordPress would have only a few folders writable by the php-fpm user, and the rest should be read-only.
Docker also has the --user flag when creating containers. Is it possible to map to that? Then there's no need to add extra variables, and we could use Docker functionality.
Please fix this issue
Has anyone got a working pull request for this? We'll need to change the running user of nginx and php-fpm also.
Ric
running into this issue too.
Here's a possible solution: create a completely new user based upon user & group IDs passed into the container, and have NGINX run as that user
based upon example here: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/10-adduser#L19
so from your docker.sh file you'd have
docker run -d -p 80:80 -e PGID=1000 -e PUID=1000 ...
if you think this solution is appropriate, I can take a stab at implementing this, then can submit a PR
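The PUID/PGID mapping proposed above, combined with the opt-out for the ownership change requested earlier in the thread, as an added example that is not part of the thread or the project's own code. `SKIP_CHOWN` and the function names are hypothetical, and rejecting ID 0 is an assumption of this example rather than something the thread specifies.

```shell
#!/bin/sh
# Added example: entrypoint helpers for host UID/GID mapping.
# PUID/PGID come from the thread; SKIP_CHOWN and all function names are hypothetical.

# Accept only a plain decimal ID greater than 0, so the web worker is never
# mapped to root and nothing but digits ever reaches adduser/chown.
valid_id() {
    case "$1" in
        ''|*[!0-9]*|???????????*) return 1 ;;   # empty, non-digit, or over 10 digits
    esac
    [ "$1" -gt 0 ]
}

# True when the directory's owner differs from uid:gid, i.e. a chown would
# actually rewrite ownership on the bind-mounted host directory.
# Uses stat -c, as provided by GNU coreutils and BusyBox.
needs_chown() {
    [ "$(stat -c '%u:%g' "$1")" != "$2:$3" ]
}

# Print the action the entrypoint should take for the web root:
#   reject     PUID/PGID missing or invalid (returns 1)
#   skip       operator opted out with SKIP_CHOWN=1
#   chown U:G  ownership differs and would be changed
#   unchanged  host directory already belongs to the mapped user
plan_ownership() {
    dir=$1
    uid=${PUID:-}
    gid=${PGID:-}
    if ! valid_id "$uid" || ! valid_id "$gid"; then
        echo "reject"
        return 1
    fi
    if [ "${SKIP_CHOWN:-0}" = "1" ]; then
        echo "skip"
    elif needs_chown "$dir" "$uid" "$gid"; then
        echo "chown $uid:$gid"
    else
        echo "unchanged"
    fi
}
```

When PUID and PGID match the host user that owns the mounted directory, the plan is `unchanged` and the host files keep their owner.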
I'm going to check this out in the morning and get it merged
commit 4cfc4cb998f4b981ff5b5b97d37111dc7a874dd4 fixes this, enjoy!
When mapping a host directory to the container volume /var/www/html, the owner of the host directory changes. This is annoying, because any update to the code will require changing the owner back. I guess this is because of https://github.com/ngineered/nginx-php-fpm/blob/8137d2d0c5e1b9afa36ba2781a027184dc46ad4b/scripts/start.sh#L92-L93
Is it expected behavior, or am I missing something?