Permission troubles with docker shared volumes

I have been working on and off on this project where two services talk to each other. I am not part of the main developer team of this project, so a lot of things change between each of my iterations. The two services are maintained by different sets of developers and the communication of breaking changes is quite poor. I have lost count of how many times I have fixed the communication between these two services.

Project context

  • There is one service which runs in a docker container and another which runs without any containerization
  • These two services share files via a mounted volume
  • The directory and subdirectories of this volume are created on the local machine by my user (uid 1000)
  • The service inside the docker container runs under www-data user (uid 33)

Problems

1. User from container can not access files

The first problem I recall encountering was that the user inside the container (uid 33) did not have permission to access the files created by the local user (uid 1000).

Solution: set the owner of all files to the local user and the group to the container user's group (www-data).

sudo chown -R local-user:www-data /tmp/service-x-shared-volume/

2. User from container can not create subdirectories and files

Solution: new files and directories should inherit the group of the parent directory, so that the www-data group keeps access to everything created under the volume. To achieve this, set the setgid bit on the directories (the group also needs write permission on them, which chown alone does not grant):

sudo chmod -R g+s /tmp/service-x-shared-volume/

3. Yet more problems

Some weeks later the system had changed again: a third docker container now accesses the shared volume, and this time the container user is root. At this point I took a more permissive approach and let anybody read and write in any subdirectory of the volume, via a default ACL with entries for the owner, group and other classes (u::rwx alone would only cover the owning user), applied recursively so existing subdirectories get it too:

sudo setfacl -R -d -m u::rwx,g::rwx,o::rwx /tmp/service-x-shared-volume/
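A small POSIX shell script, added here as an example and not part of the original post, that applies steps 1 and 2 to a directory and then checks that new entries really inherit the group and the setgid bit. It takes the group name as a parameter (www-data in the post) so it can be tried as an unprivileged user with a group you belong to; step 3 is left out because it needs setfacl on the machine.

```shell
#!/bin/sh
# Added example: set up a shared-volume directory (steps 1 and 2 of the post)
# and verify the result. Assumes GNU or BSD ls; the group is a parameter.
set -eu

# Mode string of a path as printed by ls -ld, e.g. drwxrwsr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Group name of a path (fourth field of ls -ld on GNU and BSD)
group_of() {
    ls -ld "$1" | awk '{print $4}'
}

# Succeeds when the directory carries the setgid bit: an 's' (or 'S' when the
# group execute bit is missing) in the group-execute slot of the mode string.
has_setgid() {
    case "$(mode_of "$1")" in
        ??????[sS]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1 + 2: give the tree to GROUP, grant the group read/write (the post's
# chown alone does not), and set setgid on every directory so new entries
# inherit the group. Files get g+rw only; setgid on a file means something else.
setup_shared_dir() {
    dir=$1; group=$2
    mkdir -p "$dir"
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod g+rwxs {} +
    find "$dir" -type f -exec chmod g+rw {} +
}

# Create a subdirectory and a file under DIR as this user and check that the
# subdirectory inherited setgid and that both inherited the parent's group.
verify_inheritance() {
    dir=$1
    parent_group=$(group_of "$dir")
    mkdir "$dir/sub"
    : > "$dir/sub/file"
    has_setgid "$dir/sub" || return 1
    [ "$(group_of "$dir/sub")" = "$parent_group" ] || return 1
    [ "$(group_of "$dir/sub/file")" = "$parent_group" ] || return 1
}
```

Run it against a scratch directory first; the same checks work on the real volume once the container user's group has been applied.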