I'm a relative novice to Docker, so please bear with me if the answer is obvious.
I'm trying to give my docker container access to a shared data directory on the host, which has specific group permissions and is read-only for the group of the intended user.
I've already tried `docker run -it -v /data:/data ubuntu /bin/bash` with the resulting error `docker: Error response from daemon: error while creating mount source path '/data': mkdir /data: permission denied`. So it's clearly a permission issue.
The gist I got looking around on Google is that if you bind-mount a volume, you need to have read-write permission.
So I'm looking for an alternative way, possibly with `docker volume`?
The data directory is huge, so any kind of duplication is not feasible. Also, changing permissions is not possible.
System info:
docker Server Version: 17.03.1-ce
Operating System: Ubuntu 16.04.2 LTS
EDIT:
So I finally figured it out after the helpful comment of @barat.
The problem was that the exact directory I was trying to mount inside the container had the permissions set up in a way that only members of a specific group could read the contents. I tried everything from `docker run -u userwithaccess`, `docker run --privileged` to adding a user within the `Dockerfile` and specifically assigning the group in question to that user. Nothing worked.
In the end the solution was relatively simple:
The parent directory of my data directory had read access for everyone, i.e. also users who were not members of the group. So I was able to mount it without a problem.
To reach the actual data, I did add the user in the `Dockerfile` to the group and made sure it had the same name and GID. Finally it was no problem to navigate into the data directory and read any file I wanted.
So I'm not sure if the directory I tried to mount is just a special case, or if it's generally not possible to mount a directory with specific group access.
I found this workaround, but I would still have no solution if the directory I wanted would have been at `/`.
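The workaround from the edit, as an added example that is not part of the original post: a shell helper that checks whether the parent directory is readable by everyone, then prints the Dockerfile lines that recreate the host group with the same name and GID, plus a read-only bind mount of the parent. It assumes GNU `stat` on the host; the user `appuser`, the fallback group name `datagrp` and the image name are hypothetical.

```shell
#!/bin/sh
# Added example (constructed, not from the original post). Assumes GNU stat.

# Succeeds when "other" has both read and execute on DIR, i.e. users
# outside the owning group can list and enter the directory.
world_readable() {
    mode=$(stat -c %a "$1") || return 1
    other=${mode#"${mode%?}"}        # last octal digit holds the "other" bits
    [ $((other & 5)) -eq 5 ]
}

# Print Dockerfile lines that recreate the host group of DATA_DIR
# (same name, same GID) and add CONTAINER_USER to it.
emit_dockerfile() {
    gid=$(stat -c %g "$1") || return 1
    gname=$(stat -c %G "$1") || return 1
    # stat prints UNKNOWN when the GID has no name; "datagrp" is a placeholder
    [ "$gname" = "UNKNOWN" ] && gname=datagrp
    printf 'RUN groupadd -g %s %s && useradd -m -G %s %s\n' \
        "$gid" "$gname" "$gname" "$2"
    printf 'USER %s\n' "$2"
}

# Print a docker run command that bind-mounts PARENT_DIR read-only
# at the same path inside the container.
emit_run() {
    printf 'docker run -it -v %s:%s:ro %s /bin/bash\n' "$1" "$1" "$2"
}

# Stand-alone use: ./script.sh DATA_DIR CONTAINER_USER IMAGE
if [ "$#" -eq 3 ]; then
    parent=$(dirname "$1")
    if world_readable "$parent"; then
        emit_dockerfile "$1" "$2"
        emit_run "$parent" "$3"
    else
        echo "parent $parent is not readable by everyone" >&2
        exit 1
    fi
fi
```

The `:ro` suffix keeps the mount read-only inside the container, which matches the read-only group access on the host.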