3

This would be related to "Docker php:5.6-Apache Development Environment missing permissions on volume mount".

I have tried pretty much everything to make the mounted volume readable by www-data. My current solution is to use scripts to move the folders needed by the application to /var and give them the proper permissions to be writable by www-data, but that is becoming hard to maintain.

Given the fact that it's a development environment, I don't mind it being a security hole, so I would like to run Apache as root, and I get:

Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user.

Is there any easy way I can accomplish this using the docker image php:5.6-apache?

This is my docker-compose.yml:

```yaml
version: '2'
services:

    api:
        container_name: api
        privileged: true
        build:
            context: .
            dockerfile: apigility/Dockerfile
        ports:
            - "2020:80"
        volumes:
            - /ft/code/api:/var/www:rw
```

And this is my Dockerfile:

```dockerfile
FROM php:5.6-apache

USER root
RUN apt-get update \
    && apt-get install -y sudo openjdk-7-jdk \
    && echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers

RUN apt-get install -y git zlib1g-dev libmcrypt-dev nano vim --no-install-recommends \
    && apt-get clean \
    && rm -r /var/lib/apt/lists/* \
    && docker-php-ext-install mcrypt zip \
    && curl -sS https://getcomposer.org/installer \
    | php -- --install-dir=/usr/local/bin --filename=composer \
    && a2enmod rewrite \
    && sed -i 's!/var/www/html!/var/www/public!g' /etc/apache2/apache2.conf \
    && echo "AllowEncodedSlashes On" >> /etc/apache2/apache2.conf \
    && cp /usr/src/php/php.ini-production /usr/local/etc/php/php.ini \
    && printf '[Date]\ndate.timezone=UTC' > /usr/local/etc/php/conf.d/timezone.ini

WORKDIR /var/www
```
1
  • Could you provide your Dockerfile and the way you try to launch your container? Commented May 8, 2016 at 13:13

3 Answers

5

Why not do exactly what it says in the question you referred to?

```dockerfile
RUN usermod -u 1000 www-data
RUN groupmod -g 1000 www-data
```

This is not a hack. It's a proper solution to the problem you have in the development environment.


1 Comment

Yes, but for that to work you need to ssh into your docker-machine and run `sudo mount -t vboxsf -o uid=1000,gid=1000 code /code`
0

So, I managed to make the mounted data available for www-data by using the part of the answer in the related post, but another step is required for it to work.

After you run `docker-machine start default` you need to ssh into it and run the following:

```sh
# /code is the shared folder in VirtualBox
sudo mkdir --parents /code

# This is to make sure the uid and gid are 999 for the next part to work
sudo mount -t vboxsf -o uid=999,gid=999 code /code
```

Then in your Dockerfile add:

```dockerfile
RUN usermod -u 999 www-data \
    && groupmod -g 999 www-data
```

After it's mounted, /code will have the owner www-data, and problem solved!


0

Another and better solution.

Add this to your Dockerfile:

```dockerfile
RUN cd ~ \
    && apt-get -y install dpkg-dev debhelper libaprutil1-dev libapr1-dev libpcre3-dev liblua5.1-0-dev autotools-dev \
    && apt-get source apache2.2-common \
    && cd apache2-2.4.10 \
    && export DEB_CFLAGS_SET="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -DBIG_SECURITY_HOLE" \
    && dpkg-buildpackage -b \
    && cd .. \
    && dpkg -i apache2-bin_2.4.10-10+deb8u7_amd64.deb \
    && dpkg -i apache2.2-common_2.4.10-10+deb8u7_amd64.deb
```

After that, you should be able to run Apache as root.

PS: apache2-2.4.10, apache2-bin_2.4.10-10+deb8u7_amd64.deb and apache2.2-common_2.4.10-10+deb8u7_amd64.deb could change according to your source.
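
The uid/gid alignment used in the first two answers can also be done at container start, so the image does not hard-code 1000 or 999 and Apache keeps running as www-data instead of root. This is an added example, not code from the question or the answers; the function names and the `APP_DIR` variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: GNU stat, a primary
# group named like the user (true for www-data), and the hypothetical APP_DIR
# variable pointing at the bind mount (/var/www in the question's compose file).

# remap_cmds WANT_UID WANT_GID HAVE_UID HAVE_GID USER
# Prints the groupmod/usermod calls needed; prints nothing if the ids match.
# Returns 1 on a missing or non-numeric id, 2 if the target is uid or gid 0.
remap_cmds() {
    for n in "$1" "$2" "$3" "$4"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    if [ "$1" -eq 0 ] || [ "$2" -eq 0 ]; then
        echo "refusing to map $5 to root (uid=$1 gid=$2)" >&2
        return 2
    fi
    # -o permits an id that is already used by another account in the image.
    [ "$2" -eq "$4" ] || echo "groupmod -o -g $2 $5"
    [ "$1" -eq "$3" ] || echo "usermod -o -u $1 $5"
}

# plan_remap DIR USER: same plan, with the wanted ids read from DIR's owner.
plan_remap() {
    remap_cmds "$(stat -c '%u' "$1")" "$(stat -c '%g' "$1")" \
               "$(id -u "$2")" "$(id -g "$2")" "$2"
}

# Entrypoint mode: runs only when a command is passed (e.g. apache2-foreground).
if [ "$#" -gt 0 ]; then
    cmds=$(plan_remap "${APP_DIR:-/var/www}" www-data) || exit 1
    # cmds contains only validated digits and the fixed user name.
    [ -z "$cmds" ] || sh -ec "$cmds" || exit 1
    exec "$@"
fi
```

Copied into the image and set as the `ENTRYPOINT`, with `apache2-foreground` left as the `CMD`, it fails closed when the mount shows up as root-owned rather than giving the web server root's ids.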
