Change umask in docker containers

You’re mounting volumes and running into permission issues when accessing a volume as different users or from other containers.

Prerequisites

Note

If you’re running a Mac, prepare a docker-machine first; see the docker-machine installation guide.

$ docker-machine create -d virtualbox dev
$ docker-machine start dev
$ eval $(docker-machine env dev)

Test your docker-machine by running the docker ps command.

umask

In computing, umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files.

umask is set to 0022 on most Linux systems by default. This umask allows group and others to read your files, see below:

$ umask 0022
$ touch a-file
$ ls -l
-rw-r--r--  1 daniel  staff     0 25 Jan 19:13 a-file

Docker containers do not share user uids, so this can be a problem if you want to write to these files from another Docker container. With umask set to 0000, new files are created with a different permission mask, so group and others can also write to them, see below:

$ umask 0000
$ touch another-file
$ ls -l
-rw-r--r--  1 daniel  staff     0 25 Jan 19:13 a-file
-rw-rw-rw-  1 daniel  staff     0 25 Jan 19:14 another-file
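
The same comparison as a script, added here as an example and not part of the original post: it creates a file under each umask, reads the mode back from ls -l, and reports whether others can write. It goes beyond the two masks shown above by also including 0002 (group-writable only); the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# Succeed only for a 3- or 4-digit octal umask such as 022 or 0000.
valid_umask() {
    case "$1" in
        [0-7][0-7][0-7] | 0[0-7][0-7][0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the permission string that `ls -l` reports for a file created
# with `touch` under umask $1. Runs in a subshell so the caller's umask
# is left unchanged.
perms_under_umask() {
    valid_umask "$1" || return 2
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        touch "$dir/f"
        ls -l "$dir/f" | cut -c1-10
        rm -rf "$dir"
    )
}

# Succeed if "others" may write, i.e. the ninth character is "w".
others_can_write() {
    [ "$(printf '%s' "$1" | cut -c9)" = "w" ]
}

# Compare the two masks from the post with 0002 (group-writable only).
report() {
    for mask in 0022 0002 0000; do
        perms=$(perms_under_umask "$mask") || return 1
        if others_can_write "$perms"; then
            note="writable by every uid"
        else
            note="not writable by others"
        fi
        printf '%s  %s  %s\n' "$mask" "$perms" "$note"
    done
}

report
```

With 0002, a second container can write to the files only if its process runs with the group id that owns them.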

Dockerfile

To modify umask within a docker container, you should set up an entrypoint script for your custom docker image. This script is executed by default when your container starts:

docker-entrypoint.sh
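#!/bin/bash
# Set the umask inherited by every process started from this entrypoint
umask 0000
# Replace this script with the shell so it receives signals directly
exec /bin/bash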

The entrypoint script has to be part of the docker image:

Dockerfile
FROM ubuntu:14.04

COPY ./docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]

Included in gitlab-ci-multi-runner

If you used automated testing in GitLab with gitlab-ci-multi-runner < v1.0 you may have had this issue. After my merge request was merged this is no longer an issue, because the repository is now cloned with umask 0000.
