Check privacy settings when using Docker on macOS

Docker has a feature that mounts a folder on the host and uses it as a shared folder. macOS Catalina 10.15 and later had problems accessing a folder mounted with this feature.

The conclusion was that the target folder had been blocked by macOS privacy settings and was inaccessible.

This article summarizes how we were able to identify and resolve the cause of this problem.

TOC

Situation

We have nginx containerized in Docker to create a test web server for development. We want to make various changes to the files to be placed in it, so we put the following in docker-compose.yml file to mount a local folder inside the container.

version: "3"
services:
  nginx:
    build: .
    ports:
      - 80:80
    volumes:
      - ./content_home:/usr/share/nginx/html

However, when we run it, we get HTTP Status 404 Not Found and cannot access the site.

When I put this docker-compose.yml file and a set of related files in one folder and run it in another directory, it appears fine.

Where should we check?

The following are places to check in such cases.

  • Does /usr/share/nginx/html exist?
  • Can you see the files in /usr/share/nginx/html?
  • Does the host’s ./content_home exists?
  • Are the host’s ./content_home permissions and other access rights are granted read permission?

Check the container

Check /usr/share/nginx/html on the container.

% docker container exec testserver_nginx_1 ls /usr/share/nginx
html

The html folder exists because it was output as html. Next, check the files in the folder.

% docker container exec testserver_nginx_1 ls /usr/share/nginx/html
ls: cannot open directory '/usr/share/nginx/html': Operation not permitted

Access has been denied. There is likely a problem with access rights.

Check the host

Check the existence of the folder on the host and its access rights; the confirmation is to see it in the Finder: select the folder in the Finder and choose “Get Info” from the “File” menu. Confirm “Sharing & Permissions”.

If “everyone” and “staff” are set to “read only” and “myself” is set to “read/write,” there is no problem.

macOS privacy settings

In the macOS privacy settings, the following three folders must be given permissions for each app.

  • Downloads
  • Documents
  • Desktop

When you try to access the above folders for the first time after installing the app, the OS will display a dialog asking if you want to allow it. If you do not allow it there, you will not be able to access it.

To check, do the following.

STEP
Select the “System Preferences…” from the Apple menu.
STEP
Click the “Security & Privacy”.
STEP
Open the “Privacy” tab.
STEP
Select the “Files and Folders”.
Set file and folder access rights
Set file and folder access rights

The reason we could not access it in our environment was because the “Desktop Folder” was unchecked, as shown in the screen capture.

This time, we happened to be working on the desktop folder.

We don’t remember, but I think we took it off.

Let's share this post !

Author of this article

Akira Hayashiのアバター Akira Hayashi Representative, Software Engineer

I am an application developer loves programming. This blog is a tech blog, its articles are learning notes. In my work, I mainly focus on desktop and mobile application development, but I also write technical books and teach seminars. The websites of my work and books are here -> RK Kaihatsu.

TOC