How to handle permission inside a volume from docker?

Question

I have a container running a PHP application and the php-fpm service can't write the cache files inside an folder provided by a docker volume.

I gave 777 permissions on the folder I need to write, from the host machine, but it works just for a while. Files created by php-fpm doesn't have necessary permissions. Furthermore it's not possible to change the owner and group with chown command.

This is my docker-composer.yml file:

web:
    image: eduardoleal/nginx
    external_links:
        - proxy
    links:
        - php:php
    container_name: "app-web"
    environment:
        VIRTUAL_HOST: web.app
    volumes_from:
        - data 
    volumes:
        - ./src/nginx-vhost.conf:/etc/nginx/sites-enabled/default
php:
    image: eduardoleal/php56
    container_name: "app-web-php"
    volumes_from:
        - data
data:
    container_name: "app-web-data" 
    image: phusion/baseimage
    volumes:
        - /Users/eduardo.leal/Code/vidaclass/web:/var/www/public

I'm running docker on OSX with VirtualBox.

Answer 1

MacOS has some mounting problems because of the differences in user and group owning the file versus user and group modifying/reading the file. As a workaround, do the following (preferably using the latest version) of Docker,

$ brew install docker-machine-nfs
$ docker-machine start yourdockermachine
$ docker-machine-nfs yourdockermachine --shared-folder=/Users --nfs-config="-alldirs -maproot=0"

You can change the name of yourdockermachine as you like. Also, you have the ability to change the shared folder you want to map. The above option is the best bet and works in all cases. I would suggest not changing that so that you don't mess around with system files.

After the above setup, make sure you provide appropriate read, write, execute permissions to your files and folders.

NOTE: Dependencies for above procedure are brew, docker-machine (or the complete docker toolbox for simplicity)

UPDATE 1: Docker for Mac Beta is in private invite phase. It runs Docker natively on Mac on top of xhyve Hypervisor. It would mean, no more permission errors and improved performance.

UPDATE 2: Docker for Mac is now in Public Beta. The underlying technology remains the same and the VM is completely managed by the Docker service. The version as of this writing is 1.12.0-rc2 which works seamlessly with OS X without any intervention of docker-machine.