More recently, looking at some official docker repositories, I realized that a more idiomatic way to solve these resolution problems is to use gosu in tandem with a script entry point. For example, if we take an existing docker project, for example, solr, the same one with which I had problems with earlier.
dockerfile on Github very efficiently creates an entire project, but does nothing to address resolution issues.
So, to overcome this, I first added the gosu configuration to the docker file (if you implement this notification, version 1.4 hard-coded. You can check the latest releases here ).
# grab gosu for easy step-down from root RUN mkdir -p /home/solr \ && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \ && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu
Now we can use gosu, which is basically the same as su or sudo , but works much better with docker. From the description for gosu:
This is a simple tool that grew out of the simple fact that su and sudo have very strange and often annoying TTY behavior and signal forwarding.
Now, the other changes that I made to the docker file were adding these lines:
COPY solr_entrypoint.sh /sbin/entrypoint.sh RUN chmod 755 /sbin/entrypoint.sh ENTRYPOINT ["/sbin/entrypoint.sh"]
just to add my entry point file to the docker container.
and deleting the line:
USER $SOLR_USER
So, by default, you are the root user. (thatβs why we have a gosu to leave the root).
Now, regarding my own entry point file, I don't think it is written perfectly, but it did the job.
#!/bin/bash set -e export PS1="\w:\u docker-solr-> "
The docker launch command takes the form:
docker run <flags> <image-name> <passed in arguments>
Basically, the entry point says that if I want to run solr, as usual, we pass the start argument to the end of the command as follows:
docker run <flags> <image-name> start
otherwise, run the commands that you pass as root.
The start option first gives the user ownership of directories, and then runs the default command. This solves the ownership problem, because unlike dockerfile setup, which is a one-time thing, the entry point starts every time.
So now, if I mount directories using the -d flag, before the entry point actually starts solr, it will process the files inside the docker container.
As for what this does with your files outside the container, I had mixed results because the docker works a little weird on OSX. For me, this did not change the files outside the container, but on another OS, where the docker plays more beautifully with the file system, it can change your files outside, but I think that you have to deal with it if you want to mount files inside the container, not just copying them.