Description
Currently the official Docker image applies the VOLUME directive to the /opt/tomcat folder:
> docker history openkm/openkm-ce:6.3.12 | grep VOLUME
<missing> 14 months ago /bin/sh -c #(nop) VOLUME [/opt/tomcat] 0B
But this is wrong if you look at the documentation for Docker:
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.
— https://docs.docker.com/storage/volumes/
Since /opt/tomcat folder contains software in form or JARs, WARs, and scripts, it is not supposed to be a volume, since volumes are intended for "data generated and used Docker containers". This means VOLUME directive was used incorrectly.
Furthermore:
Changing the volume from within the Dockerfile: If any build steps change the data within the volume after it has been declared, those changes will be discarded.
— https://docs.docker.com/engine/reference/builder/#notes-about-specifying-volumes
This in effect means that it is impossible to modify the /opt/tomcat folder - for example to change permissions - since it's a volume:
FROM openkm/openkm-ce:6.3.12
RUN chown -R www-data /opt/tomcat
USER www-dataSuch a Dockerfile intended to allow the container as non-root user will have no effect, since the /opt/tomcat folder is a volume.
The correct usage of VOLUME directive would be for folders like /opt/tomcat/conf or /opt/tomcat/data, not /opt/tomcat.