Docker daemon permissions to access NFS share

(@wuruwhi)

Hey Brandon,

Really appreciate the two suggestions. 🙂 

For the first part: Yes, both systems are Linux based.
I’ll check for the root_squash setting. I wasn’t aware of this. 

Permission-wise, both mount point and share on each system were owned by the same uid and gid. Also for some reason, it seemed to check for the name of the user rather than the uid, because once I set root as the owner of the share on the NAS, docker seemed to be happier. But I reverted back as I did not want root owning the share.

I had tried to find the daemon to give it the proper uid, but did not realize it could be done by modifying docker.service. Still learning Docker, I used to run everything directly on dedicated VMs.

However, I like your second suggestion better as it’s way easier indeed, and it will do what I wanted, which is to have the data on the NAS and not on the VMs directly.

I’ll reset the Docker VM to start clean and will just map the share and bind mount it to containers. 
Going that route, does the docker daemon still need to have the same uid as the one owning the share?

Brandon Lee
Admin
(@brandon-lee)

@wuruwhi Awesome! Yeah, I would probably go the route of the second option as it keeps Docker with what the defaults are for most things and that way you can pick and choose what you want to store on your NFS storage. So far I have not had any issues with my data for critical containers using this approach. I have had to restore files a few times and it has worked as expected 👍

(@wuruwhi)

@brandon-lee Great to hear that! 🙂

Does the Docker daemon have to run with the same uid as the one owning the share?

Brandon Lee
Admin
(@brandon-lee)

@wuruwhi Great question! To clarify, the Docker daemon does not need to run under the same user that owns the NFS directory. Here's how it will work:

The Docker daemon runs as the root user or another user like "docker". This user needs to have permissions to access and manage the data root directory or any bind-mounted directories. But it does not need to match the uid/gid of the user owning the NFS share.

Your mount of the volume (NFS client) will receive access based on what permissions it has been configured with on the server side.

If the NFS share is mounted with the right user uid/gid and permissions, your Docker containers and the daemon will be able to access it as expected.

So for instance:

sudo mount -t nfs -o rw,uid=1234,gid=1234 nfs-server:/share /mnt/nfs

Then you mount the storage as a bind mount in your container:

docker run -v /mnt/nfs/specific-dir:/app/data my-container

Hopefully this helps 😀  

Reply
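Added example, not written by either poster: a small shell model of how an NFS server using the exports(5) squash options (the root_squash setting mentioned earlier in the thread) decides which uid/gid a container process on the bind mount acts as, and whether plain mode bits then allow a write. The function names, export option strings, the 1234:1234 owner and the 750 mode are constructed sample values, and supplementary groups and ACLs are ignored.

```shell
#!/bin/sh
# Added example: models AUTH_SYS id squashing as documented in exports(5).
# All ids, modes and export option strings below are constructed sample values.

# effective_nfs_id EXPORT_OPTS UID GID -> prints "uid:gid" the server acts as.
effective_nfs_id() {
    root_squash=1 all_squash=0 anonuid=65534 anongid=65534  # exports(5) defaults
    uid=$2 gid=$3
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            root_squash)    root_squash=1 ;;
            no_root_squash) root_squash=0 ;;
            all_squash)     all_squash=1 ;;
            no_all_squash)  all_squash=0 ;;
            anonuid=*)      anonuid=${opt#anonuid=} ;;
            anongid=*)      anongid=${opt#anongid=} ;;
        esac
    done
    IFS=$old_ifs
    if [ "$all_squash" -eq 1 ]; then
        uid=$anonuid gid=$anongid            # every caller becomes the anon id
    elif [ "$root_squash" -eq 1 ]; then
        [ "$uid" -ne 0 ] || uid=$anonuid     # only uid 0 / gid 0 are remapped
        [ "$gid" -ne 0 ] || gid=$anongid
    fi
    echo "$uid:$gid"
}

# can_write OWNER_UID OWNER_GID MODE EFF_UID EFF_GID -> exit 0 if write allowed.
can_write() {
    [ "$4" -ne 0 ] || return 0               # unsquashed root bypasses mode bits
    mode=$((0$3))                            # MODE is octal, e.g. 750
    if [ "$4" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$5" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else bits=$(( mode & 7 )); fi
    [ $(( bits & 2 )) -ne 0 ]
}

# check_container EXPORT_OPTS OWNER_UID OWNER_GID MODE CONTAINER_UID CONTAINER_GID
check_container() {
    eff=$(effective_nfs_id "$1" "$5" "$6")
    if can_write "$2" "$3" "$4" "${eff%%:*}" "${eff##*:}"; then
        echo "allow as $eff"; else echo "deny as $eff"; fi
}

# Constructed scenario: share owned by 1234:1234, mode 750, default export options.
check_container "rw,sync" 1234 1234 750 0 0         # container process is root
check_container "rw,sync" 1234 1234 750 1234 1234   # docker run --user 1234:1234
```

With the default root_squash, a container process running as root reaches the server as the anonymous id and is denied by mode 750, while a process started with `--user 1234:1234` matches the share owner, so neither a root-owned share nor no_root_squash is needed.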
(@wuruwhi)

It certainly does. 🙂 

I will try this out during the week if I can. 
