-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The user www-data runs the service rather than root #7
Comments
Hi @Lindenk , this is intentional and somewhat of a best-practice. The image is based on the official php image and uses the default I'd recommend changing ownership of your mounted directories with Alternatively, check out Running as an arbitrary user in the |
Closing the issue, hope this clarified it |
I would argue best practice is to have services inside containers run as root whenever possible. Having to modify the host system in specific ways to work with a docker container instead of keeping any and all requirements to run the service inside the container is against the docker philosophy. My temporary solution was to exec a chown command on the directory mounted inside the container after deployment but this has it's own problems. Any newly created filed are owned by root on the host system which causes the mounted system to misbehave unless another chown is executed afterwards. It would be much more convenient and standard to have the service run as root (or the user configured with docker), or at the very least include an environment variable to allow a user to be set. Honestly, docker has the ability to set a user and group already so I see little need to go against convention and hardcode a different one in. |
The non-root user is not a custom adjustment I made, but what the offical Docker image had in there already. I'd argue running processes inside containers as
Regarding convenience and running Apache as a different user, please check the links from my earlier post, the official documentation explain the usage of I'm curious though, since you mentioned newly created files and if I interpret it correctly, it's a reoccurring issue on your server. Can you describe your setup and the steps that cause the issue? |
It seems using the nginx image automatically sets permissions. While the permissions on my host system seem to have also changed, it's good enough as it doesn't requires manual configuration or hacks to get working. Setting APACHE_RUN_USER didn't seem to fix the issue with the apache container (IE the baikal process(s) were still running as www-data). Either way, sorry for the rant. I'm just tired of dealing with php in general. |
The Nginx variant sets/updates them, pretty much because of this issue. I didn't do it for the Apache variant though to not break anyone's setup. I agree on PHP though... https://twitter.com/iamdevloper/status/983963738213666816 Btw, given PHP and the maintenance situation of sabre-io/baikal with the main developer leaving (https://evertpot.com/sabredav-maintenance-update/), I'm actually considering moving to https://radicale.org/ or something else... partially why I'm now cleaning up this repo, putting it in a good state before I possbily make a swtich. |
It looks like a user named www-data user needs to interact with the persistent data directory which create permission issues if the folder is mounted to the host system.
The text was updated successfully, but these errors were encountered: