How to fix permissions for alpine image files using Cron as a non-root user on an accessible volume

I am trying to create a multi-stage build in Docker that simply runs non-root crontabs which write to a volume accessible from outside the container. I have two permission problems: one with external access to the volume and one with cron:

  • the first stage in the Dockerfile creates an image with a non-root user, an entrypoint and su-exec, useful for fixing permissions on a volume!

  • the second stage in the same Dockerfile uses the first image to start the crond process, which should write to the /backup folder.

docker-compose.yml file used to build the Dockerfile:

    version: '3.4'
    services:
      scrap_service:
        build: .
        container_name: "flight_scrap"
        volumes:
          - /home/rey/Volumes/mongo/backup:/backup

In the first stage of the Dockerfile (1), I try to adapt Denis Bertovic's answer to an Alpine image:

    ############################################################
    # STAGE 1
    ############################################################
    # Create first stage image
    FROM gliderlabs/alpine:edge as baseStage
    RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories
    RUN apk add --update && apk add -f gnupg ca-certificates curl dpkg su-exec shadow
    COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
    # ADD NON ROOT USER, uid hard-coded to 1000 (my current uid on the host)
    RUN addgroup scrapy \
        && adduser -h /home/scrapy -u 1000 -S -G scrapy scrapy
    ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

My docker-entrypoint.sh for fixing permissions:

    #!/usr/bin/env bash
    # give the non-root user the working directory, then drop privileges
    chown -R scrapy .
    exec su-exec scrapy "$@"

The second stage (2) starts the cron service, which writes to the /backup folder set as a volume:

    ############################################################
    # STAGE 2
    ############################################################
    FROM baseStage
    MAINTAINER rey
    ENV TZ=UTC
    RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
    RUN apk add busybox-suid
    RUN apk add -f tini bash build-base curl
    # CREATE FUTURE VOLUME FOLDER WRITEABLE BY SCRAPY USER
    RUN mkdir /backup && chown scrapy:scrapy /backup
    # INIT NON ROOT USER CRON CRONTAB
    COPY crontab /var/spool/cron/crontabs/scrapy
    RUN chmod 0600 /var/spool/cron/crontabs/scrapy
    RUN chown scrapy:scrapy /var/spool/cron/crontabs/scrapy
    RUN touch /var/log/cron.log
    RUN chown scrapy:scrapy /var/log/cron.log
    # Switch to user SCRAPY already created in stage 1
    WORKDIR /home/scrapy
    USER scrapy
    # SET TIMEZONE https://serverfault.com/questions/683605/docker-container-time-timezone-will-not-reflect-changes
    VOLUME /backup
    ENTRYPOINT ["/sbin/tini"]
    CMD ["crond", "-f", "-l", "8", "-L", "/var/log/cron.log"]

The crontab file, which simply creates a test file in the /backup volume folder:

    * * * * * touch /backup/testCRON

DEBUG Phase:

  • Entering my image with bash, it seems the image starts as the scrapy user correctly:

        uid=1000(scrapy) gid=1000(scrapy) groups=1000(scrapy)
  • The crontab -e command also provides the correct information.

  • But the first error: cron does not start correctly; when I cat /var/log/cron.log I get permission denied:

        crond: crond (busybox 1.27.2) started, log level 8
        crond: root: Permission denied
        crond: root: Permission denied
  • I also get a second error when I try to write directly to the /backup folder with touch /backup/testFile. The /backup volume folder remains accessible only with root privileges; I don't know why.

1 answer

crond or cron should be run as root, as described in this answer.

Look instead at aptible/supercronic, a crontab-compatible job runner designed specifically for container use. It will run as any user you create.

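An added example (not code from the question or the answer) of the same crontab job run with supercronic as the non-root scrapy user, so neither the setuid busybox nor a root-owned cron log is needed; the SUPERCRONIC_VERSION tag and SUPERCRONIC_SHA256 value are placeholders to be taken from the project's release page.

```dockerfile
# Added example: the question's job run with aptible/supercronic as a non-root user.
# SUPERCRONIC_VERSION and SUPERCRONIC_SHA256 are placeholders (assumption): copy both
# from the supercronic release page so the downloaded binary is checksum-verified.
FROM alpine:3.19

ARG SUPERCRONIC_VERSION=vX.Y.Z
ARG SUPERCRONIC_SHA256=<sha256 of supercronic-linux-amd64 from the release page>
ENV TZ=UTC

RUN apk add --no-cache ca-certificates curl tzdata \
    && curl -fsSL -o /usr/local/bin/supercronic \
       "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64" \
    && echo "${SUPERCRONIC_SHA256}  /usr/local/bin/supercronic" | sha256sum -c - \
    && chmod 0755 /usr/local/bin/supercronic

# Same uid (1000) as in the question. For the bind-mounted /backup this uid must
# also own /home/rey/Volumes/mongo/backup on the host (chown 1000:1000 there):
# a chown run inside the container as a non-root user cannot fix a root-owned mount.
RUN addgroup -g 1000 scrapy \
    && adduser -h /home/scrapy -u 1000 -S -G scrapy scrapy \
    && mkdir /backup && chown scrapy:scrapy /backup

# supercronic reads a plain crontab file; nothing under /var/spool/cron is touched,
# so the "root: Permission denied" from busybox crond cannot occur.
COPY --chown=scrapy:scrapy crontab /home/scrapy/crontab
VOLUME /backup
USER scrapy
WORKDIR /home/scrapy
# supercronic logs to stderr, so there is no /var/log/cron.log whose ownership must be fixed
CMD ["supercronic", "/home/scrapy/crontab"]
```

The crontab file is the one from the question (`* * * * * touch /backup/testCRON`); after `docker compose up`, `ls -l /home/rey/Volumes/mongo/backup` on the host should show testCRON owned by uid 1000.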

Source: https://habr.com/ru/post/1274616/
