Docker sets GUID group and owner to 1000:1000 when volume is mounted #22114

Closed
bizmate opened this issue Apr 18, 2016 · 7 comments

bizmate commented Apr 18, 2016

Docker sets GUID group and owner to 1000:1000 when volume is mounted
Output of docker version:

vagrant@vagrant-ubuntu-trusty-64:/project$ docker -v
Docker version 1.11.0, build 4dc5990

Output of docker info:

 docker info
Containers: 7
 Running: 6
 Paused: 0
 Stopped: 1
Images: 7
Server Version: 1.11.0
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 91
 Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge
Kernel Version: 3.13.0-83-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: vagrant-ubuntu-trusty-64
ID: RFHP:MAQU:36IN:LRX2:62FX:PNKM:QWNA:RDMD:YJN2:RIGO:Q4DR:U3UV
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):

virtualbox VM with docker installed manually, ubuntu trusty

Steps to reproduce the issue:

  1. Run docker-compose up -d and your docker compose contains (notice commented out volume)

         version: '2'

         services:
           php:
               container_name: php
               image: diegogullo/php_docker_56:latest
               #volumes:
               #  - .:/var/www/html

  2. Check permissions of folder mount

         docker exec -it php bash
         root@50027f9d4b87:/var/www/html# ls -la /var/www
         total 12
         drwxr-xr-x  4 www-data www-data 4096 Apr 18 11:25 .
         drwxr-xr-x 25 root     root     4096 Apr 18 11:25 ..
         drwxr-xr-x  2 www-data www-data 4096 Apr  5 01:35 html

  3. docker-compose down -v, then enable volume and run docker-compose up. Make sure the volume was destroyed in the meantime checking docker volume ls
  4. Now that the volume is loaded on an existing folder check the permissions

         ls -la /var/www
         total 12
         drwxr-xr-x  4 www-data www-data 4096 Apr 18 11:25 .
         drwxr-xr-x 25 root     root     4096 Apr 18 11:25 ..
         drwxrwxrwx  1     1000     1000 4096 Apr 18 13:58 html

Describe the results you received:
Mounting the volume changes the owner and group, in this case it changes it to the guid of the user in the host machine.

Describe the results you expected:
Permission preserved on container/volume or (something that does not exist on docker compose as far as I know) allow a more granular permission setup so that the folder permission can be correct to allow a user (in this case www-data) to own the folder.

Additional information you deem important (e.g. issue happens only occasionally):

I have read around, http://stackoverflow.com/questions/23544282/what-is-the-best-way-to-manage-permissions-for-docker-shared-volumes . Spoken with others on IRC freenode #docker but I cannot find if it is something wrong I am doing or a problem with docker.

ALSO after the container is created and the folder mounted I cannot change ownership, I have no workaround at the moment

root@6dd0e23b7902:/var/www# chown -R www-data:www-data html/
root@6dd0e23b7902:/var/www# ls -la
total 12
drwxr-xr-x  4 www-data www-data 4096 Apr 18 11:25 .
drwxr-xr-x 25 root     root     4096 Apr 18 11:25 ..
drwxrwxrwx  1     1000     1000 4096 Apr 18 13:58 html

@programmerq (Contributor)

The uid/gid mapping actually happens at the virtualbox shared folder level, not the docker level. vboxsf is not aware of ownership on the host, so it just maps everything to uid/gid 1000.

Take a look at /etc/rc.d/vbox in your boot2docker host to see the script that handles the mounting.

The common approaches to address this are to run as root or uid/gid 1000 in the container, or use a host volume that is not backed by the vboxsf /Users mount.
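
A way to check, before starting a container, whether a bind-mount source sits on a vboxsf share and which owner the share presents. This is an added example, not part of the comment above or of Docker. The function names, the constructed sample table, uid 33 for www-data (its value on Debian-based images) and the presence of uid=/gid= in the vboxsf mount options are assumptions.

```shell
#!/bin/sh
# Added example. Reads a mount table in /proc/mounts format.
# Assumption: the vboxsf entry lists uid=/gid= in its options; when it does
# not, "unknown" is reported. Mount points containing spaces are not handled.

# vboxsf_owner PATH [TABLE]: print "uid:gid" presented by the share and
# return 0 if the deepest mount covering PATH is vboxsf; return 1 otherwise.
vboxsf_owner() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            # Longest mount point wins; on a tie the later mount shadows the earlier.
            if (length($2) >= best) { best = length($2); fstype = $3; opts = $4 }
        }
        END {
            if (fstype != "vboxsf") exit 1
            uid = gid = "unknown"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^uid=/) uid = substr(o[i], 5)
                if (o[i] ~ /^gid=/) gid = substr(o[i], 5)
            }
            print uid ":" gid
        }
    ' "${2:-/proc/mounts}"
}

# check_bind_source PATH CONTAINER_UID [TABLE]: return 1 when PATH is on vboxsf
# and the share does not present its files as owned by CONTAINER_UID.
check_bind_source() {
    owner=$(vboxsf_owner "$1" "$3") || { echo "$1: not on vboxsf"; return 0; }
    if [ "${owner%%:*}" = "$2" ]; then
        echo "$1: vboxsf, files appear as $owner, matches uid $2"
        return 0
    fi
    echo "$1: vboxsf presents files as $owner, uid $2 will not own them"
    return 1
}

# Constructed sample table (not from the issue) and two checks against it.
sample_mounts() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime,data=ordered 0 0' \
        'project /project vboxsf rw,nodev,relatime,uid=1000,gid=1000 0 0'
}
table=$(mktemp) && sample_mounts > "$table"
check_bind_source /project 33 "$table" || true   # assumed uid of www-data
check_bind_source /var/www/html 33 "$table"
rm -f "$table"
```

Run without a table argument, the functions read the live /proc/mounts of the Docker host VM.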

@cpuguy83 (Member)

@programmerq is correct.
Also check out docker4mac and docker4windows (https://beta.docker.com) which handle this a bit better.


bizmate commented Apr 19, 2016

Thanks for the reply @programmerq @cpuguy83. I signed up for the beta a week ago but have not received access yet. Do you know when it will be opened? At the moment it only shows 'Thanks! We'll be in touch soon!'

@thaJeztah (Member)

@bizmate They're sending out multiple batches per week, but there's a huge amount of people that registered, so hopefully you get a code soon.

sgarciafer commented Jan 22, 2017

You can solve your problem by fine tuning the virtualbox config using Vagrant.
On the Vagrantfile you can configure the virtual machine and add configurations to the mounted directories.

For instance you could have a mounted directory per container and pre-set the UID and GUID like this:

    config.vm.synced_folder "/Users/Me/Sites/DATA/app1", "/home/app1", mount_options: ["dmode=755", "fmode=644"], owner: 3331, group: 10001

You can use that mounted directory from VirtualBox (through Vagrant) to use it as volume for Docker. Then on docker you can create a user and group with those same numeric values for user and group.

@gbergeson

> The uid/gid mapping actually happens at the virtualbox shared folder level, not the docker level. vboxsf is not aware of ownership on the host, so it just maps everything to uid/gid 1000.
>
> Take a look at /etc/rc.d/vbox in your boot2docker host to see the script that handles the mounting.
>
> The common approaches to address this are to run as root or uid/gid 1000 in the container, or use a host volume that is not backed by the vboxsf /Users mount.

@programmerq , I'm pretty new to this. What do you mean, a host volume that is not backed by the vboxsf /Users mount? Can that be configured in the "driver" option of the .yml file?
