Changing permissions of added file to a Docker volume

1

1

In the Docker best practices guide it states:

You are strongly encouraged to use VOLUME for any mutable and/or user-serviceable parts of your image.

And by looking at the source code for e.g. the cpuguy83/nagios image this can clearly be seen done, as everything from nagios to apache config directories are made available as volumes.

However, looking at the same image the apache service (and cgi-scripts for nagios) are run as the nagios user by default. So now I'm in a pickle, as I can't seem to figure how to add my own config files in order to e.g. define more hosts for nagios monitoring. I've tried:

FROM cpuguy83/nagios
ADD my_custom_config.cfg /opt/nagios/etc/conf.d/
RUN chown nagios: /opt/nagios/etc/conf.d/my_custom_config.cfg
CMD ["/opt/local/bin/start_nagios"]

I build as normal, and try to run it with docker run -d -p 8000:80 <image_hash>, however I get the following error:

Error: Cannot open config file '/opt/nagios/etc/conf.d/my_custom_config.cfg' for reading: Permission denied

And sure enough, the permissions in the folder look like (whilst the apache process runs as nagios):

# ls -l /opt/nagios/etc/conf.d/
-rw-rw---- 1 root root 861 Jan  5 13:43 my_custom_config.cfg

Now, this has been answered before (why doesn't chown work in Dockerfile), but no proper solution other than "change the original Dockerfile" has been proposed.

To be honest, I think there's some core concept here I haven't grasped (as I can't see the point of declaring config directories as VOLUME nor running services as anything other than root) - so provided a Dockerfile as above (which follows Docker best practices by adding multiple volumes) is the solution/problem:

  • To change NAGIOS_USER/APACHE_RUN_USER to 'root' and run everything as root?
  • To remove the VOLUME declarations in the Dockerfile for nagios?
  • Other approaches?

How would you extend the nagios dockerfile above with your own config file?

Heikeheil answered 5/1, 2015 at 17:36 Comment(0)
0

Since you are adding your own my_custom_config.cfg file directly into the container at build time, just change the permissions of the my_custom_config.cfg file on your host machine and then build your image using docker build. The host machine permissions are copied into the container image.

Stopple answered 5/1, 2015 at 17:49 Comment(5)
No, that's not how ADD works - at least not in my experience. The permission bits are carried over (i.e. 777), but the owner user and group are always changed to root. This can be verified with the following simple Dockerfile:

FROM cpuguy83/ubuntu
RUN useradd nagios
ADD foo.txt /
CMD ["sh"]

Where foo.txt is owned by nagios on the host system. End result:

# ls -la / |grep foo
-rwxrwxrwx 1 root root 0 Jan 5 18:15 foo.txt

- Heikeheil

I guess I could just give my config files permissions 664. - Heikeheil

Yeah, that's what I mean, give read all to file. I can't verify this right now as dockerhub seems to be down but I also suspect that the nagios image is setting user to nagios which means in your image you may have to do: USER root RUN chown USER nagios to change owners. See github.com/docker/docker/issues/6119 - Stopple

Alright, this will at least work for now. Running the service as root proved to not make Apache happy at all :) I'll keep this open for a day or so more, in case someone else has other propositions - if not I'll mark your answer as solving it. Thanks, appreciate it. - Heikeheil

If you don't want to change the original files permissions/owner, you could extend this workaround by ADD-ing files to some un-volumed location inside the container, chown/chmod and move to the target destination. - Pyrochemical
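A check for the failure discussed in this thread, as an added example that is not part of the original posts: it lists the files under a config directory that a service account such as nagios cannot read, judged from owner, group and mode bits, so a root-owned 660 file is caught before the service starts. The function names and script name are made up for this example, and GNU stat and id are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): list files under a config directory
# that a service account cannot read, judged from owner, group and mode bits.
# Assumes GNU stat and id. Ignores ACLs and directory search permissions.
# Usage (script name is hypothetical):
#   sh check_readable.sh nagios /opt/nagios/etc/conf.d

# can_read USER FILE: succeed if USER may read FILE.
can_read() {
    user=$1
    file=$2
    [ "$user" = root ] && return 0          # root bypasses mode bits
    set -- $(stat -c '%A %U %G' "$file")    # e.g. -rw-rw---- root root
    perms=$1
    owner=$2
    group=$3
    groups=$(id -Gn "$user" 2>/dev/null) || groups=   # unknown user: no groups
    # Unix applies exactly one class: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        pattern='?r*'
    else
        case " $groups " in
            *" $group "*) pattern='????r*' ;;
            *)            pattern='???????r*' ;;
        esac
    fi
    case $perms in
        $pattern) return 0 ;;
        *)        return 1 ;;
    esac
}

# unreadable_by USER DIR: print every regular file under DIR that USER
# cannot read. Empty output means the service can read all of them.
unreadable_by() {
    find "$2" -type f | while IFS= read -r f; do
        can_read "$1" "$f" || printf '%s\n' "$f"
    done
}

# Run the check when called with USER and DIR arguments.
if [ $# -eq 2 ]; then
    unreadable_by "$1" "$2"
fi
```

With the file from the question (root:root, mode 660) the check prints its path for nagios; after the 664 change agreed on in the comments it prints nothing.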
