Can not log to /docker.stdout or /docker.stderr if non-root user runs container

Open MajPay opened this issue 5 years ago • 3 comments

Hi!

I am using webdevops/php-nginx-dev:7.3 and configured the user to uid 1000 via docker-compose.yml. I need that config because I don't want to run everything as root for convenience reasons (composer, etc).

Now - my problem is that I want to configure my logging to use /docker.stdout, but I get permission errors.

How can I change the ownership/permissions of /proc/1/fd/{1,2} - so I am able to log to /docker.stdout from the php-fpm process?

You can reproduce the problem with:

docker run -it --user 1000 --entrypoint /bin/bash webdevops/php-nginx-dev:7.3

$:echo "hello world" > /docker.stdout

# response will be:
bash: /docker.stdout: Permission denied

MajPay avatar Nov 28 '19 14:11 MajPay
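
A diagnostic for the failure reproduced above, as an added example that is not part of the original issue: it reports which uid the shell runs as, what the log path links to, who owns the final target, and whether opening it for append works. It assumes GNU or BusyBox `stat` and `readlink`; the function name `diagnose_log_target` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report why a log target such as
# /docker.stdout accepts or rejects writes for the current user.
# Assumes GNU or BusyBox stat/readlink, as found in common Linux images.

# Exit status: 0 = writable, 1 = present but not writable, 2 = missing.
diagnose_log_target() {
    path=$1
    echo "running as uid:gid $(id -u):$(id -g)"
    if [ -L "$path" ]; then
        echo "$path is a symlink to $(readlink -- "$path")"
    fi
    if [ ! -e "$path" ]; then
        if [ -L "$path" ]; then
            # The link exists but stat() on its target failed: the target is
            # gone, or this user is not allowed to look it up.
            echo "  result: link target cannot be resolved by this user"
            return 1
        fi
        echo "$path: no such file"
        return 2
    fi
    # %u:%g owner, %a octal mode, %F file type of the final target (-L).
    echo "  target owner/mode/type: $(stat -L -c '%u:%g %a %F' -- "$path")"
    # Open for append in a subshell: tests open(2) without writing a byte.
    if ( : >> "$path" ) 2>/dev/null; then
        echo "  result: open for append succeeded"
        return 0
    fi
    echo "  result: open for append failed"
    return 1
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    diagnose_log_target "$1"
fi
```

Run it once as root and once with `--user 1000` against the same path and compare the owner/mode line with the uid line.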

The container is not supposed to be run as a non-root user. Supervisord needs root access to write to /proc/1/fd/... That permission can't be changed (as far as I know).

If you want to run composer etc. with UID 1000, you can do this on the running container:

docker exec -ti --user=application ${container} bash

And you have a shell with the user 1000 and can execute composer, etc. without being root.

htuscher avatar Dec 01 '19 17:12 htuscher

No, that does not work. When executing commands as root and calling "get_current_user()" inside PHP, it says application, so it seems the fpm user is set to application anyway and you would never be able to log to /docker.*

When running docker-compose up it says "Setting php-fpm user to application", so that behaviour is intended.

I think I need to change the whole image :-/ Can't accomplish my goal with this image.

I want to run php/php-fpm as NON-ROOT AND be able to log to stdout (for dev).

Is that impossible by the design of docker itself?

Or is it possible to combine the image stdout (/proc/1/fd) with an additional log file on the host machine?

I think I am going to add an additional (tiny) container that will essentially do:

tail -f /app/debug.log > /dev/stdout &
tail -f /app/error.log > /dev/stderr

and configure the php-nginx image to log to /app/debug.log and /app/error.log

MajPay avatar Dec 03 '19 10:12 MajPay

Maybe irrelevant there, but I am trying to get this image running on rootless Podman. No success. Last year on Docker, there were no issues at all... but... I will not use Docker anymore.

dzintars avatar Mar 16 '20 17:03 dzintars