8i | 9i | 10g | 11g | 12c | 13c | 18c | 19c | Misc | PL/SQL | SQL | RAC | WebLogic | Linux

Home » Articles » Linux » Here

Docker : Host File System Permissions for Container Persistent Host Volumes

Let's assume you have a user called "docker_user" that has sudo privileges on docker, as described here. How do you make sure a non-root user has access to the host volumes accessed by a container? Here's one method.

Related articles.

Host Setup

From the user "docker_user" create the directories where you want to store the persistent volumes used by the containers. I'm going to create them under the "docker_user" user's home, but they could be anywhere.

mkdir -p /home/docker_user/volumes/ol7_183_ords_tomcat
mkdir -p /home/docker_user/volumes/ol7_183_ords_db

As the "root" user create a new group with a specific group ID, which will be used for group ownership inside the container and on the host file. Below you can see we've altered the group ownership and permissions on the directories, including the sticky bit for the group permissions. We've the added the "docker_user" user to the "docker_fg" group.

groupadd -g 1042 docker_fg
chown -R :docker_fg /home/docker_user/volumes
chmod -R 775 /home/docker_user/volumes
chmod -R g+s /home/docker_user/volumes
usermod -aG docker_fg docker_user

Image/Container Setup

For this to work we have to make sure the volume defined in the container has the same group permissions. For the ORDS container image build we create the same group we did on the host, and make the "tomcat" user part of that group.

groupadd -g 1042 docker_fg
useradd tomcat -G docker_fg

Later in the image build we create the CATALINA_BASE location and set the permissions as we did on the host.

mkdir -p ${CATALINA_BASE}
chown :docker_fg ${CATALINA_BASE}
chmod 775 ${CATALINA_BASE}
chmod g+s ${CATALINA_BASE}

When we run the container, both the host file and container have a group (docker_fg) with the same ID (1042), and the group ownership of the directory is configured to use it.

We are now able to access the directories from within the container, and from the "docker_user" user on the hosts file system, rather than being forced to use the "root" user to access it.

For more information see:

Hope this helps. Regards Tim...

Back to the Top.