Skip to content

Web Development

The Ultimate Fix for Docker’s “Permission Denied” Errors on Windows

/ by adam | Leave a comment

If you’re a web developer who splits time between Mac and Windows (using WSL), you’ve almost certainly run into it: the dreaded, workflow-killing “Permission Denied” error.

You edit a file in your IDE, save it, and your web server—running happily inside a Docker container—suddenly can’t read it. Or worse, a script inside the container, like an SCSS compiler, tries to write a new file and fails spectacularly. Your immediate instinct might be to run a reckless sudo chmod -R 777 ., but you know in your heart that’s wrong. You spend the next hour wrestling with chown and chmod, get frustrated, and maybe even switch machines.

This isn’t a flaw in your setup; it’s a fundamental conflict in how Docker handles file permissions with mounted volumes. But the good news is there’s a permanent, one-time fix that will make your development experience smooth, secure, and consistent across any platform.

The “Why”: It’s a Case of Mistaken Identity

The core of the problem isn’t about usernames, it’s about numeric IDs.

  • On your host machine (whether it’s macOS or WSL on Windows), your user account (adam, for example) has a User ID (UID) and a primary Group ID (GID). This is often 1000:1000.
  • Inside your Docker container, the web server process (like Apache or Nginx) runs as a specific user, most commonly www-data. This user also has a UID and GID, which are often 33:33 or 82:82.
  • When you use a Docker bind mount to link your project folder to a folder inside the container, Docker doesn’t translate the usernames. It only respects the numeric IDs.

Your host machine sees a file owned by user 1000. The container sees that same file and asks, “Does the current user, user 33, have permission to modify a file owned by user 1000?” The answer is almost always no. And that’s where your workflow grinds to a halt.

The Solution: Aligning the Group ID

The most robust and secure way to solve this is to make your host files and your container process agree on a common identity. We won’t change usernames; instead, we’ll align their Group IDs.

The strategy is simple:

  1. Find out the numeric Group ID of the www-data user inside the container.
  2. On your host machine, change the group ownership of your project files to match that ID.
  3. Set the permissions so that both you (the owner) and the group (the web server) can write to the files.

Let’s walk through it step-by-step.

The How-To: A One-Time Setup for Permanent Peace

Perform these steps on your host machine’s terminal (PowerShell/WSL on Windows, or Terminal on Mac).

Step 1: Find the Container’s Group ID (GID)

First, we need to ask the container what GID its web server is using.

Bash

# Replace <your-container-name> with your actual container's name or ID
# We are asking for the group ID (-g) of the www-data user.
docker exec <your-container-name> id -g www-data

This will give you a number. It’s almost always 33 on Debian/Ubuntu-based images or 82 on Alpine-based images. Remember this number.

Step 2: Change File Ownership on Your Host Machine

Now, navigate into your project directory on your host machine. We are going to change the group ownership of every file and folder to the number we just found.

Bash

# Navigate to your project folder
cd /path/to/your/project

# Replace '33' with the GID you got from Step 1.
# Replace 'your_user' with your actual host username (e.g., adam).
# This command recursively (-R) changes the ownership to user:group.
sudo chown -R your_user:33 .

After this, you still own the files, but they now belong to a group that the Docker container recognizes as www-data.

Step 3: Set Correct and Lasting Permissions

This is the final and most crucial step. We’ll set permissions that allow both you and the group to work freely.

Bash

# Still inside your project folder on the host machine.

# Set DIRECTORY permissions to 775.
# This means:
# - Owner (you) can Read, Write, and Execute (rwx)
# - Group (www-data) can Read, Write, and Execute (rwx)
# - Others can only Read and Execute (r-x)
sudo find . -type d -exec chmod 775 {} \;

# Set FILE permissions to 664.
# This means:
# - Owner (you) can Read and Write (rw-)
# - Group (www-data) can Read and Write (rw-)
# - Others can only Read (r--)
sudo find . -type f -exec chmod 664 {} \;

The Magic Bullet: The ‘setgid’ Bit

There’s one more command that will save you from ever having to do this again. The setgid bit forces all new files and folders created in a directory to inherit the group ID of that directory.

Bash

# This is the command that makes the fix permanent.
sudo find . -type d -exec chmod g+s {} \;

Now, when your SCSS compiler running as www-data creates a new CSS file, that file will automatically belong to the correct group, and permissions will be perfect.

Your New Reality

That’s it. You’re done. Forever.

You can now edit files as your user, and the container’s web server can read, write, and execute them as needed. No more conflicts, no more chmod 777, and no more frustration. You’ve conquered one of the most common hurdles in modern web development and can now switch between your Mac and Windows machines with a consistent, reliable, and professional workflow. Happy coding!

Tagged

You might also like

SEO Tools Test Post

Using this post to test my SEO Tools that I am build. This link should be completely broken. On purpose. This is an update to the test post, again.

Read more »

Set Tag Order WordPress Plugin

A few months ago, I was asked to solve what I thought was a simple problem. The question was, “Can we set the display order of tags?” It seemed like a very benign question until I started to dig into it and discovered that it’s, in fact, not a simple question at all. WordPress, by […]

Read more »

Fix Password-Protected Post Access When Using AIO Login Plugin

Background: My company uses AIO Login (formerly Change WP Admin Login) to change the login URL of our WordPress sites to add a little extra security. Problem: Accessing password protected pages does not work when using the AIO Login plugin. Solution: Add a couple of custom functions to your theme’s functions.php file. Details: This solution was tested […]

Read more »

Grip Strength Percentile Calculator Project

Years ago, I worked with a doctor that specialized in sports medicine and physical therapy. He asked me to create a bespoke grip strength calculator that he could use and present to patients of his. I used charts and data available from the NIH to do the math and meet the task requirements. I wrote […]

Read more »

I Launched My First Next.js Project

Pastey.io is my first NextJS project released to the public!

Read more »

Leave a Comment

Your email address will not be published. Required fields are marked *

To top