Torizon OS Creating a new volume with user access instead of root

Dear Developer Community,

I have been trying to create a new volume for the flashdisk on an iMX6 running Torizon OS using the docker-compose.yml file. The directory does get created; however, it is under root access as opposed to user access, meaning the firmware does not get access to use the directory. I have tried specifying the user in the docker-compose file and I have tried creating the directory in the Dockerfile, with no luck.

Many Thanks,
Job

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!


Hello there!

Configuring volumes in your docker-compose.yml file is a crucial step in managing data persistence and access in your containers. Here’s a simple example to help you set up volumes with the correct structure:

version: "2.4"
services:
  your-service:
    volumes:
      - "your-volume:/path/to/mount"

volumes:
  your-volume:

To ensure proper user access to these volumes, follow these steps:

  1. Define the Volume: Specify the volume in the volumes section of your docker-compose.yml file.
  2. Mount the Volume: Use the volumes directive to mount the volume to your service.

The example above outlines the basic setup. While the documentation provides a good starting point, it doesn’t specifically cover setting user permissions for volumes. For more detailed guidance, you might find the following resources helpful:

If you need a general approach to handling volume permissions in Docker, feel free to ask! I’m here to help with any Torizon-specific solutions you might need.

Best regards,
Toradex AI Assistant.

Greetings @JobDerksen,

Could you provide the exact details of how you’re trying to create the new volume in the Docker compose file?

Typically, if you are bind-mounting a volume directory from the host OS into the container, the permissions that directory had on the host are then transplanted into the container. If you are generating a completely fresh volume in the container, then a new directory gets created in the container filesystem with default root permissions. You could try to pre-make the directory in the container image with the correct permissions. That way, when you attach the volume on container startup, it should inherit the permissions of the pre-made directory. Something akin to the solution here: Change permissions for named volumes in Docker - Server Fault

That said it would still be appreciated if you could share what you’re doing exactly so it’s clearer what you’re trying to do.

Best Regards,
Jeremias

Hi @jeremias.tx

In the docker-compose file we have initiated the volume like so.

volumes:
  - "/home/user-name/new_volume:/new_volume:rw"

This then gets mounted under root access.

I have also tried the solution you sent, but it does not seem to work. However, I am not sure if I’m to use Dockerfile.sdk or Dockerfile.debug (as I am only debugging the solution right now).

I did try using both Dockerfiles while also removing the volume from the compose file to see if that was causing the directory permissions to be overwritten; however, this caused there to be no directory. To check for the directory, I have been SSHing into the iMX6 and then checking for the folder and its permissions, but I’m not certain if it only exists when the container is running.

Best Regards,
Job

In the docker-compose file we have initiated the volume like so.
volumes:
  - "/home/user-name/new_volume:/new_volume:rw"

Okay, so I understand this to mean you’re binding the directory /home/user-name/new_volume from the host filesystem to /new_volume inside the container filesystem. Does the path /home/user-name/new_volume already exist on the host filesystem prior to running your container?

If it does not, then when your container is starting it will create /home/user-name/new_volume on the host filesystem with root permissions. These permissions are then copied through the bind-mount volume into the container filesystem.

What you should do is create this path on the host with the permissions you want it to have in the container. I tested the following:

  • Create file-path /home/torizon/test using the torizon user outside of the filesystem. Naturally this newly created directory is owned by the torizon user:
torizon@verdin-imx8mp-06849059:~$ ls -l /home/torizon
total 8
drwxr-xr-x 2 torizon torizon 4096 May  1 17:41 test
  • Next I run a container with a bind-mount volume for this newly created directory /home/torizon/test:/test:rw
  • Inside the container I can see /test has inherited the permissions/ownership of /home/torizon/test:
torizon@82b3a57f22eb:/$ ls -l /
total 52
lrwxrwxrwx   1 root    root       7 Jan 13 00:00 bin -> usr/bin
drwxr-xr-x   2 root    root    4096 Dec 31 10:25 boot
drwxr-xr-x   5 root    root     340 May  1 17:48 dev
drwxr-xr-x   1 root    root    4096 May  1 17:48 etc
drwxr-xr-x   1 root    root    4096 Jan 30 12:06 home
lrwxrwxrwx   1 root    root       7 Jan 13 00:00 lib -> usr/lib
drwxr-xr-x   2 root    root    4096 Jan 13 00:00 media
drwxr-xr-x   2 root    root    4096 Jan 13 00:00 mnt
drwxr-xr-x   2 root    root    4096 Jan 13 00:00 opt
dr-xr-xr-x 206 root    root       0 May  1 17:48 proc
drwx------   2 root    root    4096 Jan 13 00:00 root
drwxr-xr-x   3 root    root    4096 Jan 13 00:00 run
lrwxrwxrwx   1 root    root       8 Jan 13 00:00 sbin -> usr/sbin
drwxr-xr-x   2 root    root    4096 Jan 13 00:00 srv
dr-xr-xr-x  12 root    root       0 May  1 17:48 sys
drwxr-xr-x   2 torizon torizon 4096 May  1 17:41 test
drwxrwxrwt   2 root    root    4096 Jan 13 00:00 tmp
drwxr-xr-x   1 root    root    4096 Jan 13 00:00 usr
drwxr-xr-x   1 root    root    4096 Jan 13 00:00 var
  • As the torizon user inside the container I am able to create files and such in /test:
torizon@c731310bf9f0:/$ touch /test/foo
torizon@c731310bf9f0:/$ ls -l /test
total 0
-rw-r--r-- 1 torizon torizon 0 May  1 17:49 foo

In summary, create the file-path on the host with the permissions and ownership you want before you run the container that bind-mounts the volume.

Best Regards,
Jeremias

Hi @jeremias.tx

I just want to say thank you for the help!

Is there a way to automate the process of creating the directory? Could there be a shell script which then creates the directory with the correct permissions if it is not present?

Best Regards,
Job

Is there a way to automate the process of creating the directory? Could there be a shell script which then creates the directory with the correct permissions if it is not present?

You could create a systemd service for this purpose: Basic Linux Commands | Toradex Developer Center

You can just have the service run mkdir -p <path to directory> or have it execute a shell script you made if you want something more advanced. The systemd service can then be captured using TorizonCore Builder so you have it in an image by default.

Best Regards,
Jeremias
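The automation suggested above, sketched as an added example (not code from the thread or from Toradex): a script that creates the host directory before Docker can auto-create it as root, and repairs ownership if that already happened. The script path, the `user-name` owner, the mode and the `docker.service` ordering in the commented unit are assumptions.

```shell
#!/bin/sh
# Added example: idempotently prepare a host directory for a bind mount.
# Usage: ensure_bind_dir <path> <owner[:group]> <octal-mode>
ensure_bind_dir() {
    dir=$1 owner=$2 mode=$3

    # The service runs as root, and the parent may be user-writable:
    # refuse symlinks so ownership of an unrelated target is never changed.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    # Refuse anything that exists but is not a directory.
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 1
    fi

    # mkdir -p is a no-op when the directory is already there.
    mkdir -p -- "$dir" || return 1
    # Also fixes a directory that Docker already auto-created as root.
    chown -- "$owner" "$dir" || return 1
    chmod -- "$mode" "$dir" || return 1
}

# Run only when called with the three arguments (e.g. from systemd).
if [ "$#" -eq 3 ]; then
    ensure_bind_dir "$1" "$2" "$3"
fi

# Hypothetical unit file (all names and paths are assumptions):
#   [Unit]
#   Description=Prepare bind-mount directory for the container
#   Before=docker.service
#
#   [Service]
#   Type=oneshot
#   ExecStart=/etc/prepare-volume.sh /home/user-name/new_volume user-name:user-name 0755
#
#   [Install]
#   WantedBy=multi-user.target
```

Ordering the unit before the container engine matters: if the container starts first, the bind-mount source is created as root, which is the situation described earlier in the thread.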

Perfect, thank you so much for the help!