Due to dependency updates the project files feature for our standard applications can lead to breaking changes in permissions for the mounted share.
Those changes will be part of our next release v0.19.0 on the 3rd of December 2024.
If not provided for the share, the user id and group id of the mounted files and folders will default to 0 each. That will lead to issues if you are using non-root users (as you always should) with different user and group ids.
Here is an example how it should be done:
node:20.12-alpine
WORKDIR /application
COPY package*.json /application/
RUN npm install --production
COPY ./src /application/src
RUN addgroup --gid 1111 -S appgroup && adduser -u 1001 -S appuser -G appgroup
USER appuser
EXPOSE 3000
CMD npm start
Please note that we create a user with the UID 1001 and the GID 1111. So we need to set the same UID and GID for the mounted project-files in the docker-compose file:
version: "3.4"
volumes:
my-volume:
labels:
com.calponia.storage.type: project
com.calponia.storage.project.share: /
com.calponia.storage.project.uid: 1001
com.calponia.storage.project.gid: 1111
services:
backend:
image: alpine:3.7
volumes:
- my-volume:/mnt/project-files
IMPORTANT: If you just set the type to
project
and do not set the UID and GID, the mounted project-files will be owned by the root user and group. This will lead to permission issues when writing to the mounted project-files as other (non-root) users.