Skip to main content

Fixing permission issues with Gollum in Docker containers

devops
Solutions for resolving permission issues when running Gollum wiki in Docker environments

Introduction

When running Gollum wiki in a Docker container, you may encounter a common permissions issue: files created through the Gollum interface are owned by root:root. This becomes problematic when working with these files outside of Gollum, such as when managing files via the command line.

This article explores solutions to this permission problem and provides both quick workarounds and more permanent fixes.

The permission problem

Files created or modified through Gollum's web interface in a Docker container will have:

  • Owner: root
  • Group: root

This happens because the Docker container typically runs the Gollum process as the root user by default, rather than matching your host system's user ID.

Quick workaround solution

If you need a fast solution, you can reassign file ownership after Gollum creates files:

sudo chown -R "${USER:-$(id -un)}": .

This command changes ownership of all files in the current directory to your user and group.

Automating the quick fix

To avoid manually running this command after each file creation in Gollum, you can automate it with a cron job:

  1. Add the ownership fix to an existing cron script:
$HOME/code/cron-scripts/gollum-wiki-commit-cron.sh

Note

When running commands with sudo in cron jobs, you'll need special configuration. See the [Ubuntu documentation on running sudo commands in cron](https://askubuntu.com/questions/173924/how-to-run-a-cron-job-using-the-sudo-command) for more details.

Proper long-term solutions

Rather than repeatedly fixing permissions after the fact, you can address the root cause in two ways:

Option 1: Configure Docker to use rootless mode

Docker can run in "rootless mode," which allows the Docker daemon to run as a non-root user. This approach provides better security and helps solve permission issues.

Follow the official Docker documentation to run the Docker daemon as a non-root user (Rootless mode).

Option 2: Configure the Gollum container with proper user mapping

A more targeted solution involves configuring the Gollum container to use the correct user ID. This issue is discussed in the Gollum Docker repository: Improve user handling in container #5.

Conclusion

While the quick fix using chown works for immediate needs, implementing a proper solution like rootless Docker or container user mapping provides a more sustainable approach for running Gollum in Docker environments.

For production environments, investing time in setting up the proper fix will save you from ongoing permission management and potential security issues.