Turns out, if you don't chmod anywhere in the Dockerfile, this works fine. It relies on having the correct permissions on the files on the host machine, though.
The core issue seems to be with AUFS and how different layers handle permissions (you can't have broader permissions on higher layers), but the permissions weren't broader or narrower; they were identical.
Either way, this appears to work now. I've mentioned the permission requirements in website.md before running docker-compose build.
Turns out, if you don't chmod anywhere in the Dockerfile, this works fine. It relies on having the correct permissions on the files on the host machine, though.
The core issue seems to be with AUFS and how different layers handle permissions (you can't have broader permissions on higher layers), but the permissions weren't broader or narrower; they were identical.
Either way, this appears to work now. I've mentioned the permission requirements in
website.mdbefore runningdocker-compose build.