2

Over the years I have been using docker for self-hosting, I never really cared about mounted volumes because I did not see real advantages vs mounted folders (I know about advantages related to permissions, etc. but that has not been a deal breaker for me).

Only recently, I discovered that a docker volume can be accessed through /var/lib/docker/volumes/<volume_name> (on Arch). This led me to the question: why bother with mounted directories then, since the volume data is available through the directory above?

This is the exact opposite of the approach I had so far. Still, if the volume contents are readily available, all the concerns I could have had (editing files, backup, ...) are gone, with all the goodness of volumes as an added value (especially the fact that I do not need to bother maintaining a /etc/docker/<service> tree).

Since this sounds too good to be true - I would like to understand the drawbacks of directly accessing volume data through /var/lib/docker/volumes/<volume_name> (accessing from the system/OS/shell, not from docker itself).

WoJ
  • 3,875

1 Answer

0

While in general I'd say it's mostly safe (both a named volume and an explicit bind mount are essentially the same), here are some things to consider:

  • Reading files - very safe, since you're not changing anything
  • Different UID/GID - You have the same issue with a typical bind mount, but the UID and GID of files have a different assignment inside the container. That means if you mess up file permissions on the host side, the services inside the container might not be able to access the files.
  • Access to /var/lib/docker/volumes - A non-root user cannot access /var/lib/docker/volumes, while that same user could access a directory elsewhere that is bind mounted.
  • Existing directories - Sometimes you want to mount an existing directory on the host versus copying it to a volume, such as one that should be shared between the host and the container.
  • Single file mounts - Somewhat related, but single file mounts (e.g. -v /etc/hosts:/etc/hosts) can't use named volumes, obviously.

I'm not familiar with the /etc/docker/<service> tree (maybe that's an Arch thing?).

jpiddle888
  • 156
  • 4
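The UID/GID point in the answer above can be checked after any host-side edit. The following is an added example, not part of the original answer: a bash function that lists entries in a volume directory whose numeric owner differs from the UID/GID the containerized service runs as. The function name, the expected UID/GID arguments and the `_data` subdirectory in the usage comment are assumptions, and it relies on GNU `find` and `stat`.

```shell
#!/usr/bin/env bash
# Added example: report ownership drift inside a Docker volume directory.
# Assumption: the caller knows which numeric UID/GID the service uses inside
# the container; nothing here queries Docker itself.
#
# Usage (as root, because /var/lib/docker/volumes is not readable otherwise):
#   ./drift.sh /var/lib/docker/volumes/<volume_name>/_data 1000 1000

# ownership_drift DIR EXPECTED_UID EXPECTED_GID
# Prints "uid:gid mode path" for every entry not owned by the expected IDs.
# Returns 0 when ownership is consistent, 1 on drift, 2 on usage/access error.
ownership_drift() {
    local dir=$1 uid=$2 gid=$3 out
    if [ -z "$dir" ] || [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "usage: ownership_drift DIR UID GID" >&2
        return 2
    fi
    # Fail loudly when the directory cannot be traversed, instead of
    # silently reporting "no drift" for a non-root caller.
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "cannot read $dir (root required for /var/lib/docker/volumes)" >&2
        return 2
    fi
    # Numeric comparison: user names on the host and in the container
    # may map to different IDs, so names are not used.
    out=$(find "$dir" \( ! -uid "$uid" -o ! -gid "$gid" \) \
            -exec stat -c '%u:%g %a %n' {} +) || return 2
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Run only when all three arguments are given on the command line.
if [ "$#" -eq 3 ]; then
    ownership_drift "$@"
fi
```

A non-zero exit after editing files from the host means some entries no longer belong to the service's UID/GID and should be fixed with `chown` before the container is restarted.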