Applying appropriate file permissions on Docker bind mounts
Some Docker containers create files that are readable by everyone. I want to change that. Here's how, using access control lists (ACLs).
Removing public read access to folders
Securing files so that only the user has read/write/execute while the group has only read access
To ensure all files in the folder are like this, we can use ACLs
To see current file permissions
To see ACL rules applied
Breaking down that last command:
Command | Description |
---|---|
setfacl | Set File ACL — the command that modifies ACLs. |
-R | Recursive — apply the ACL to the directory and all of its subdirectories. |
-m | Modify — specify the ACL entries to add or change. |
d: | Default — apply these as default ACLs (inherited by future files/folders). |
u::rwX | User (owner) gets read/write (and execute on dirs). |
g::r-X | Group gets read (and execute on dirs, so they can list contents). |
o::--- | Others (i.e., everyone else) get no access at all. |
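The steps above as one script, added here as an example and not taken from the original page. The setfacl flags and entries are the ones listed in the table; the chmod mode, the audit helper, the function names and the `./appdata` path are assumptions.

```shell
#!/bin/sh
# Added example: function names and the chmod mode are assumptions;
# the setfacl flags and entries are those listed in the table above.

# Count entries under $1 that still grant any permission to "others".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) | wc -l | tr -d ' '
}

# Fix files that already exist: owner rw (x on dirs), group read-only, others none.
# Capital X adds execute only on directories and already-executable files.
lock_down() {
    chmod -R u=rwX,g=rX,o= "$1"
}

# Default ACLs so files the container creates later inherit the same limits.
# Returns non-zero if setfacl is missing or the filesystem lacks ACL support.
set_default_acl() {
    command -v setfacl >/dev/null 2>&1 || return 1
    setfacl -R -m d:u::rwX,d:g::r-X,d:o::--- "$1"
}

# Show the mode bits and ACL entries of $1 for review.
show_perms() {
    ls -ld "$1"
    if command -v getfacl >/dev/null 2>&1; then getfacl "$1"; fi
}

# Typical run against a bind-mount source directory (hypothetical path):
#   lock_down ./appdata && set_default_acl ./appdata && show_perms ./appdata
#   world_accessible ./appdata    # 0 once nothing is open to others
```

Default ACLs only affect files created after they are set, which is why the chmod pass over existing files comes first.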