Change umask in docker containers¶
You’re mounting volumes and running into permission issues while accessing volume from different users or other containers.
Prerequisites¶
- A Linux system, Ubuntu preferred.
- Installed docker, please use docker installation guide for help.
- Docker daemon should be running.
Note
If you’re running a Mac, please prepare a docker-machine first, please use docker-machine installation guide.
$ docker-machine create -d virtualbox dev
$ docker-machine start dev
$ eval $(docker-machine env dev)
Test your docker-machine by running docker ps command.
umask¶
In computing, umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files.
umask is set to 0022 on most linux sytems by default. This umask allows
group and others to read your files, see below:
$ umask 0022
$ touch a-file
$ ls -l
-rw-r--r-- 1 daniel staff 0 25 Jan 19:13 a-file
Docker containers do not share user uids so this may be an issue, if you want
to write into this files from another docker container. By setting umask to
0000 new files are created with another permission mask, so group and others
may write into these new files, see below:
$ umask 0000
$ touch another-file
$ ls -l
-rw-r--r-- 1 daniel staff 0 25 Jan 19:13 a-file
-rw-rw-rw- 1 daniel staff 0 25 Jan 19:14 another-file
Dockerfile¶
To modify umask within a docker container you should setup an entrypoint script for your custom docker image. This script will be executed by default if your container gets started:
#!/bin/bash
umask 0000
/bin/bash
The entrypoint script has to be part of the docker image:
FROM ubuntu:14.04
COPY ./docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
Included in gitlab-ci-multi-runner¶
If you used automated testing in GitLab with gitlab-ci-multi-runner < v1.0
you may have had this issue. After my merge request
was merged this is no issue any more, because repository is cloned with umask 0000
now.