
I created a Django project with Docker Compose:

Dockerfile

```dockerfile
FROM python:2.7

ENV PYTHONUNBUFFERED 1

RUN mkdir /code
WORKDIR /code
ADD . /code/

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
```

docker-compose.yml

```yaml
postgres:
  image: postgres
  ports:
  - '5432:5432'

django-project:
  build: .
  command: runserver 0.0.0.0:8000
  volumes:
  - .:/code
  ports:
  - '8000:8000'
  links:
  - postgres
```

It works nicely. But all new files created through the container 'django-project' have root as owner and group.

I tried adding `user: user` to the Compose config for the container django-project, but got the exception `User user not found`.

I tried adding the user in the container with this code:

```dockerfile
ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
```

But the exception stayed.

How can I apply non-root ownership to all new files created through the Docker container?

petrikoz
  • You need to create a new user in your dockerfile that will be assigned ownership, then chown the /app folder to that user. – Burhan Khalid Jan 26 '16 at 07:30
  • I added the user with the code as in the question, but new files are still created with root as owner. I run `docker-compose up` as a non-root user. Can I set this user as the owner for all new files? – petrikoz Jan 26 '16 at 10:16

1 Answer

If your useradd worked, then the last piece of the puzzle is to switch to that user in the Dockerfile to run particular commands when the container is built:
https://docs.docker.com/engine/reference/builder/#user

Note that specifying `user: user` in the docker-compose.yml only affects the final process that's run when you start the container (i.e. the ENTRYPOINT or CMD):
https://docs.docker.com/engine/reference/run/#user

So you need to:

```dockerfile
FROM python:2.7

ENV PYTHONUNBUFFERED 1

ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

USER user

RUN mkdir /code
WORKDIR /code
ADD . /code/

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
```

Alternatively you could run everything as root user but chown all the files as a RUN step in the Dockerfile:

```dockerfile
FROM python:2.7

ENV PYTHONUNBUFFERED 1

ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

RUN mkdir /code
WORKDIR /code
ADD . /code/

RUN chown -R user /code

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
```
Anentropic
  • I tried both of your recipes, but they didn't help. When I create new migrations with the command `docker-compose run django-project makemigrations example`, the new migration files have root as owner. – petrikoz Jan 27 '16 at 06:43
  • that's something different again... try looking at the docs: https://docs.docker.com/compose/reference/run/ ...run with `-u` flag – Anentropic Jan 27 '16 at 11:40
  • I tried with my host username and the username of the user created in the container. I got the error "Unable to find user..." in both cases. – petrikoz Jan 27 '16 at 12:01
  • you need to both create the user when building the image, with `RUN useradd` in the dockerfile, and also `docker-compose run -u ` – Anentropic Jan 27 '16 at 13:44
  • Yes. When I wrote that I had tried the username from the container, I meant the one I built in the container. This didn't help me. I got the error 'Unable to find user user' – petrikoz Jan 28 '16 at 05:51
  • then it sounds like your `user` user did not get created properly... try `run`ning a bash shell in the image you built and find out what has happened – Anentropic Jan 28 '16 at 11:04
  • Thanks for the right way: watch the logs. I needed to add the user and use him for `ENTRYPOINT`. `MKDIR` didn't work with him: it said "Permission denied" – petrikoz Jan 28 '16 at 13:27
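
An added example, not code from the question or the answer: a Dockerfile variant that does the root-only steps (creating the account and `/code`) before `USER`, the ordering the last comment found necessary, and leaves out the password and sudoers entry so the process is actually unprivileged. The account name `app` and the build arguments `HOST_UID`/`HOST_GID` are assumptions; they default to 1000 and should match the host user's numeric ids so that files written into the bind-mounted `.:/code` are owned by that user.

```dockerfile
FROM python:2.7

ENV PYTHONUNBUFFERED 1

# Assumed build arguments: override with
#   docker build --build-arg HOST_UID=$(id -u) --build-arg HOST_GID=$(id -g) .
ARG HOST_UID=1000
ARG HOST_GID=1000

# Root-only steps come first. The account has no password and no sudo
# rights; -o tolerates ids that already exist in the base image.
RUN groupadd -o -g ${HOST_GID} app && \
    useradd -o -m -u ${HOST_UID} -g ${HOST_GID} -s /bin/bash app && \
    mkdir /code && \
    chown app:app /code

WORKDIR /code

# Install dependencies as root so they land in the system site-packages.
COPY requirements.txt /code/
RUN pip install -r requirements.txt

# --chown needs Docker 17.09 or later; on older engines use a
# separate "RUN chown -R app:app /code" before the USER line.
COPY --chown=app:app . /code/

# Everything from here on, including the ENTRYPOINT process, runs as app.
USER app

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
```

Because Docker accepts numeric ids that have no passwd entry in the image, `docker-compose run -u "$(id -u):$(id -g)" django-project makemigrations example` also avoids the "Unable to find user" error without rebuilding.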