Skip to main content

Docker Volumes & Storage

📁 14. What are Docker volumes, and why are they needed?​

Docker volume āĻšāĻ˛ā§‹ Docker-āĻāĻ° manage āĻ•āĻ°āĻž āĻāĻ•āĻŸāĻŋ persistent storage mechanism, āĻ¯āĻž container-āĻāĻ° āĻŦāĻžāĻ‡āĻ°ā§‡ data āĻ¸āĻ‚āĻ°āĻ•ā§āĻˇāĻŖ āĻ•āĻ°ā§‡āĨ¤

āĻ•ā§‡āĻ¨ āĻĻāĻ°āĻ•āĻžāĻ°? Container āĻ¸ā§āĻŦāĻžāĻ­āĻžāĻŦāĻŋāĻ•āĻ­āĻžāĻŦā§‡ stateless — āĻ…āĻ°ā§āĻĨāĻžā§Ž container āĻŦāĻ¨ā§āĻ§ āĻŦāĻž delete āĻšāĻ˛ā§‡ āĻ¤āĻžāĻ° āĻ­ā§‡āĻ¤āĻ°ā§‡āĻ° āĻ¸āĻŦ data āĻŽā§āĻ›ā§‡ āĻ¯āĻžāĻ¯āĻŧāĨ¤ āĻ•āĻŋāĻ¨ā§āĻ¤ā§ real-world application-āĻ database, log file, āĻŦāĻž user-uploaded content āĻāĻ° āĻŽāĻ¤ā§‹ data persistent āĻ°āĻžāĻ–āĻž āĻœāĻ°ā§āĻ°āĻŋāĨ¤ Volume āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°āĻ˛ā§‡:

  • Container delete āĻšāĻ˛ā§‡āĻ“ data āĻĨāĻžāĻ•ā§‡
  • āĻāĻ•āĻžāĻ§āĻŋāĻ• container āĻāĻ•āĻ‡ data share āĻ•āĻ°āĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡
  • Data backup āĻ“ migrate āĻ•āĻ°āĻž āĻ¸āĻšāĻœ āĻšāĻ¯āĻŧ
  • Host filesystem āĻĨā§‡āĻ•ā§‡ independent āĻĨāĻžāĻ•ā§‡, āĻ¤āĻžāĻ‡ portable

What is the difference between a volume, a bind mount, and a tmpfs mount?​

āĻŦā§ˆāĻļāĻŋāĻˇā§āĻŸā§āĻ¯VolumeBind Mounttmpfs Mount
Storage locationDocker-managed directoryHost-āĻāĻ° āĻ¯ā§‡āĻ•ā§‹āĻ¨ā§‹ pathRAM (memory)
PortabilityāĻŦā§‡āĻļāĻŋ portableHost path-āĻāĻ° āĻ‰āĻĒāĻ° āĻ¨āĻŋāĻ°ā§āĻ­āĻ°āĻļā§€āĻ˛N/A
Data persistenceāĻšā§āĻ¯āĻžāĻāĻšā§āĻ¯āĻžāĻāĻ¨āĻž (container āĻŦāĻ¨ā§āĻ§ā§‡ āĻŽā§āĻ›ā§‡ āĻ¯āĻžāĻ¯āĻŧ)
PerformanceāĻ­āĻžāĻ˛ā§‹OS-dependentāĻ¸āĻŦāĻšā§‡āĻ¯āĻŧā§‡ āĻĻā§āĻ°ā§āĻ¤
āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°ā§‡āĻ° āĻ•ā§āĻˇā§‡āĻ¤ā§āĻ°Production data, databaseDevelopment, source codeSensitive/temporary data

Volume — Docker āĻ¨āĻŋāĻœā§‡ manage āĻ•āĻ°ā§‡, āĻ¸āĻŦāĻšā§‡āĻ¯āĻŧā§‡ recommended approachāĨ¤

Bind Mount — Host machine-āĻāĻ° specific directory āĻ¸āĻ°āĻžāĻ¸āĻ°āĻŋ container-āĻ mount āĻ•āĻ°āĻž āĻšāĻ¯āĻŧāĨ¤ Development-āĻ source code share āĻ•āĻ°āĻ¤ā§‡ āĻ•āĻžāĻœā§‡ āĻ˛āĻžāĻ—ā§‡āĨ¤

tmpfs Mount — āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° memory-āĻ¤ā§‡ āĻĨāĻžāĻ•ā§‡, disk-āĻ āĻ˛ā§‡āĻ–ā§‡ āĻ¨āĻžāĨ¤ Sensitive data (āĻ¯ā§‡āĻŽāĻ¨ secret, token) temporary āĻ°āĻžāĻ–āĻžāĻ° āĻœāĻ¨ā§āĻ¯ āĻ‰āĻĒāĻ¯ā§āĻ•ā§āĻ¤āĨ¤

Where does Docker store volume data on the host filesystem?​

Linux host-āĻ Docker volume-āĻāĻ° data āĻ¸āĻ‚āĻ°āĻ•ā§āĻˇāĻŋāĻ¤ āĻšāĻ¯āĻŧ:

/var/lib/docker/volumes/<volume_name>/_data

āĻ‰āĻĻāĻžāĻšāĻ°āĻŖ, myapp_data āĻ¨āĻžāĻŽā§‡āĻ° volume-āĻāĻ° data āĻĨāĻžāĻ•āĻŦā§‡:

/var/lib/docker/volumes/myapp_data/_data

āĻ¨ā§‹āĻŸ: Windows āĻŦāĻž macOS-āĻ Docker āĻāĻ•āĻŸāĻŋ Linux VM-āĻāĻ° āĻ­ā§‡āĻ¤āĻ°ā§‡ āĻšāĻ˛ā§‡, āĻ¤āĻžāĻ‡ āĻāĻ‡ path āĻ¸āĻ°āĻžāĻ¸āĻ°āĻŋ host āĻĨā§‡āĻ•ā§‡ accessible āĻ¨āĻžāĻ“ āĻšāĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡āĨ¤

Volume inspect āĻ•āĻ°āĻ¤ā§‡:

docker volume inspect myapp_data

What is the difference between named volumes and anonymous volumes?​

Named Volume:

  • Explicitly āĻāĻ•āĻŸāĻŋ āĻ¨āĻžāĻŽ āĻĻāĻŋāĻ¯āĻŧā§‡ āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°āĻž āĻšāĻ¯āĻŧ
  • āĻ¸āĻšāĻœā§‡ āĻĒā§āĻ¨āĻ°āĻžāĻ¯āĻŧ reference āĻ•āĻ°āĻž āĻ¯āĻžāĻ¯āĻŧ
  • docker volume ls-āĻ clearly āĻĻā§‡āĻ–āĻž āĻ¯āĻžāĻ¯āĻŧ
  • Recommended for production use
# Named volume āĻ¤ā§ˆāĻ°āĻŋ
docker volume create myapp_data

# Container-āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°
docker run -v myapp_data:/app/data myimage

Anonymous Volume:

  • āĻ•ā§‹āĻ¨ā§‹ āĻ¨āĻžāĻŽ āĻĻā§‡āĻ“āĻ¯āĻŧāĻž āĻšāĻ¯āĻŧ āĻ¨āĻž, Docker automatically āĻāĻ•āĻŸāĻŋ random ID assign āĻ•āĻ°ā§‡
  • Container delete āĻšāĻ˛ā§‡ āĻāĻŸāĻŋ orphaned āĻšāĻ¯āĻŧā§‡ āĻ¯āĻžāĻ¯āĻŧ
  • Track āĻ•āĻ°āĻž āĻ•āĻ āĻŋāĻ¨, āĻ¸āĻžāĻ§āĻžāĻ°āĻŖāĻ¤ avoid āĻ•āĻ°āĻž āĻ‰āĻšāĻŋāĻ¤
# Anonymous volume (āĻ¨āĻžāĻŽ āĻ¨ā§‡āĻ‡)
docker run -v /app/data myimage

āĻ¸āĻšāĻœ āĻ¨āĻŋāĻ¯āĻŧāĻŽ: Production-āĻ āĻ¸āĻŦāĻ¸āĻŽāĻ¯āĻŧ named volume āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°ā§āĻ¨āĨ¤

How do you share a volume between multiple containers?​

āĻāĻ•āĻ‡ named volume āĻāĻ•āĻžāĻ§āĻŋāĻ• container-āĻ mount āĻ•āĻ°āĻ˛ā§‡āĻ‡ āĻ¤āĻžāĻ°āĻž āĻāĻ•āĻ‡ data access āĻ•āĻ°āĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡āĨ¤

āĻ‰āĻĻāĻžāĻšāĻ°āĻŖ — āĻĻā§āĻŸāĻŋ container āĻāĻ•āĻ‡ volume share āĻ•āĻ°āĻ›ā§‡:

# āĻĒā§āĻ°āĻĨāĻŽā§‡ volume āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§āĻ¨
docker volume create shared_data

# āĻĒā§āĻ°āĻĨāĻŽ container āĻšāĻžāĻ˛ā§ āĻ•āĻ°ā§āĻ¨
docker run -d \
  --name container_one \
  -v shared_data:/app/data \
  myimage

# āĻĻā§āĻŦāĻŋāĻ¤ā§€āĻ¯āĻŧ container āĻāĻ•āĻ‡ volume mount āĻ•āĻ°ā§āĻ¨
docker run -d \
  --name container_two \
  -v shared_data:/app/data \
  myimage

āĻāĻ–āĻ¨ container_one āĻ¯āĻž /app/data-āĻ¤ā§‡ āĻ˛āĻŋāĻ–āĻŦā§‡, container_two-āĻ“ āĻ¸ā§‡āĻŸāĻž read āĻ•āĻ°āĻ¤ā§‡ āĻĒāĻžāĻ°āĻŦā§‡āĨ¤

Docker Compose-āĻ:

version: "3.8"

services:
  app:
    image: myimage
    volumes:
      - shared_data:/app/data

  worker:
    image: myworker
    volumes:
      - shared_data:/app/data

volumes:
  shared_data:

āĻ¸āĻ¤āĻ°ā§āĻ•āĻ¤āĻž: āĻāĻ•āĻžāĻ§āĻŋāĻ• container āĻāĻ•āĻ‡ āĻ¸āĻŽāĻ¯āĻŧā§‡ āĻāĻ•āĻ‡ file-āĻ write āĻ•āĻ°āĻ˛ā§‡ race condition āĻšāĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡āĨ¤ āĻāĻ•ā§āĻˇā§‡āĻ¤ā§āĻ°ā§‡ application-level locking āĻŦāĻž database āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°ā§āĻ¨āĨ¤

🔄 15. How do you persist data in Docker containers?​

Container-āĻ data persist āĻ•āĻ°āĻžāĻ° āĻ¤āĻŋāĻ¨āĻŸāĻŋ āĻĒā§āĻ°āĻ§āĻžāĻ¨ āĻ‰āĻĒāĻžāĻ¯āĻŧ āĻ†āĻ›ā§‡:

Volume āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°ā§‡ (āĻ¸āĻŦāĻšā§‡āĻ¯āĻŧā§‡ recommended):

# Volume āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§‡ run āĻ•āĻ°ā§āĻ¨
docker run -d \
  --name myapp \
  -v myapp_data:/app/data \
  myimage

Bind Mount āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°ā§‡ (development-āĻ āĻ‰āĻĒāĻ¯ā§‹āĻ—ā§€):

docker run -d \
  --name myapp \
  -v /host/path:/container/path \
  myimage

Docker Compose-āĻ:

version: "3.8"

services:
  db:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  postgres_data:

What happens to data inside a container when it is removed?​

āĻāĻŸāĻŋ āĻ¨āĻŋāĻ°ā§āĻ­āĻ° āĻ•āĻ°ā§‡ data āĻ•ā§‹āĻĨāĻžāĻ¯āĻŧ āĻ›āĻŋāĻ˛ āĻ¤āĻžāĻ° āĻ‰āĻĒāĻ°:

Data āĻ•ā§‹āĻĨāĻžāĻ¯āĻŧ āĻ›āĻŋāĻ˛Container remove āĻšāĻ˛ā§‡ āĻ•ā§€ āĻšāĻ¯āĻŧ
Container layer (volume āĻ›āĻžāĻĄāĻŧāĻž)āĻ¸āĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āĻŽā§āĻ›ā§‡ āĻ¯āĻžāĻ¯āĻŧ
Named volumeāĻĨā§‡āĻ•ā§‡ āĻ¯āĻžāĻ¯āĻŧ, volume āĻ†āĻ˛āĻžāĻĻāĻžāĻ­āĻžāĻŦā§‡ exist āĻ•āĻ°ā§‡
Bind mountāĻĨā§‡āĻ•ā§‡ āĻ¯āĻžāĻ¯āĻŧ, host filesystem-āĻ āĻ¸āĻ‚āĻ°āĻ•ā§āĻˇāĻŋāĻ¤
Anonymous volumeOrphaned āĻšāĻ¯āĻŧ, manually cleanup āĻ¨āĻž āĻ•āĻ°āĻ˛ā§‡ disk āĻ­āĻ°ā§‡ āĻ¯āĻžāĻ¯āĻŧ

āĻ—ā§āĻ°ā§āĻ¤ā§āĻŦāĻĒā§‚āĻ°ā§āĻŖ: docker rm -v āĻĻāĻŋāĻ˛ā§‡ container-āĻāĻ° āĻ¸āĻžāĻĨā§‡ anonymous volume-āĻ“ delete āĻšāĻ¯āĻŧāĨ¤ Named volume āĻ•āĻ–āĻ¨ā§‹ automatically delete āĻšāĻ¯āĻŧ āĻ¨āĻžāĨ¤

How would you back up and restore a Docker volume?​

Backup āĻ•āĻ°āĻžāĻ° āĻĒāĻĻā§āĻ§āĻ¤āĻŋ:

āĻāĻ•āĻŸāĻŋ temporary container āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§‡ volume mount āĻ•āĻ°ā§āĻ¨, āĻ¤āĻžāĻ°āĻĒāĻ° tar āĻĻāĻŋāĻ¯āĻŧā§‡ compress āĻ•āĻ°ā§āĻ¨:

docker run --rm \
  -v myapp_data:/data \
  -v $(pwd):/backup \
  ubuntu \
  tar czf /backup/myapp_backup.tar.gz -C /data .

āĻāĻ‡ command-āĻŸāĻŋ myapp_backup.tar.gz āĻ¨āĻžāĻŽā§‡ current directory-āĻ¤ā§‡ backup file āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°āĻŦā§‡āĨ¤

Restore āĻ•āĻ°āĻžāĻ° āĻĒāĻĻā§āĻ§āĻ¤āĻŋ:

# āĻĒā§āĻ°āĻĨāĻŽā§‡ āĻ¨āĻ¤ā§āĻ¨ volume āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§āĻ¨
docker volume create myapp_data_restored

# Backup āĻĨā§‡āĻ•ā§‡ data restore āĻ•āĻ°ā§āĻ¨
docker run --rm \
  -v myapp_data_restored:/data \
  -v $(pwd):/backup \
  ubuntu \
  tar xzf /backup/myapp_backup.tar.gz -C /data

āĻ…āĻ¨ā§āĻ¯ machine-āĻ migrate āĻ•āĻ°āĻ¤ā§‡:

# ā§§. Backup āĻ¨āĻŋāĻ¨ (āĻ†āĻ—ā§‡āĻ° command)

# ā§¨. File transfer āĻ•āĻ°ā§āĻ¨ (scp āĻŦāĻž āĻ…āĻ¨ā§āĻ¯ āĻ‰āĻĒāĻžāĻ¯āĻŧā§‡)
scp myapp_backup.tar.gz user@remote-server:/path/

# ā§Š. Remote server-āĻ restore āĻ•āĻ°ā§āĻ¨
docker volume create myapp_data
docker run --rm \
  -v myapp_data:/data \
  -v /path:/backup \
  ubuntu \
  tar xzf /backup/myapp_backup.tar.gz -C /data

What is the difference between using volumes and writing to the container layer?​

Container layer āĻšāĻ˛ā§‹ container-āĻāĻ° āĻ¨āĻŋāĻœāĻ¸ā§āĻŦ writable layer, āĻ¯āĻž image-āĻāĻ° āĻ‰āĻĒāĻ°ā§‡ āĻĨāĻžāĻ•ā§‡āĨ¤

āĻŦāĻŋāĻˇāĻ¯āĻŧVolumeContainer Layer
PersistenceContainer delete āĻšāĻ˛ā§‡āĻ“ āĻĨāĻžāĻ•ā§‡Container delete āĻšāĻ˛ā§‡ āĻŽā§āĻ›ā§‡ āĻ¯āĻžāĻ¯āĻŧ
PerformanceNative disk speedCopy-on-Write (CoW) overhead āĻ†āĻ›ā§‡, āĻ¤ā§āĻ˛āĻ¨āĻžāĻŽā§‚āĻ˛āĻ• āĻ§ā§€āĻ°
SharingāĻāĻ•āĻžāĻ§āĻŋāĻ• container share āĻ•āĻ°āĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡āĻļā§āĻ§ā§ āĻ container-āĻ‡ access āĻĒāĻžāĻ¯āĻŧ
BackupāĻ¸āĻšāĻœāĻ•āĻ āĻŋāĻ¨ (docker export āĻ˛āĻžāĻ—ā§‡)
Image sizeImage āĻŦāĻĄāĻŧ āĻšāĻ¯āĻŧ āĻ¨āĻžāĻŦāĻžāĻ°āĻŦāĻžāĻ° write āĻ•āĻ°āĻ˛ā§‡ image layer āĻŦāĻĄāĻŧ āĻšāĻ¯āĻŧ

āĻ•ā§‡āĻ¨ Container Layer-āĻ āĻ˛ā§‡āĻ–āĻž āĻ‰āĻšāĻŋāĻ¤ āĻ¨āĻ¯āĻŧ:

Docker image Copy-on-Write strategy āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ•āĻ°ā§‡āĨ¤ Container layer-āĻ āĻ•āĻŋāĻ›ā§ āĻ˛āĻŋāĻ–āĻ˛ā§‡ Docker āĻĒā§āĻ°āĻĨāĻŽā§‡ āĻĒā§āĻ°ā§‹ file-āĻŸāĻŋ image layer āĻĨā§‡āĻ•ā§‡ copy āĻ•āĻ°ā§‡ āĻ¤āĻžāĻ°āĻĒāĻ° modify āĻ•āĻ°ā§‡ — āĻāĻŸāĻŋ I/O intensive operation, āĻŦāĻŋāĻļā§‡āĻˇāĻ¤ database āĻŦāĻž large file-āĻāĻ° āĻ•ā§āĻˇā§‡āĻ¤ā§āĻ°ā§‡ significant performance hit āĻšāĻ¯āĻŧāĨ¤

āĻ¨āĻŋāĻ¯āĻŧāĻŽ: āĻ¯ā§‡āĻ•ā§‹āĻ¨ā§‹ data āĻ¯āĻž persist āĻŦāĻž share āĻ•āĻ°āĻ¤ā§‡ āĻšāĻŦā§‡, āĻ¸āĻŦāĻ¸āĻŽāĻ¯āĻŧ volume-āĻ āĻ°āĻžāĻ–ā§āĻ¨āĨ¤

How do you manage volume permissions for non-root users inside containers?​

Container-āĻāĻ° āĻ­ā§‡āĻ¤āĻ°ā§‡ non-root user āĻĻāĻŋāĻ¯āĻŧā§‡ āĻšāĻžāĻ˛āĻžāĻ˛ā§‡ volume-āĻāĻ° directory-āĻ¤ā§‡ write permission āĻ¨āĻž āĻĨāĻžāĻ•āĻ˛ā§‡ "Permission denied" error āĻ†āĻ¸ā§‡āĨ¤

āĻ¸āĻŽāĻ¸ā§āĻ¯āĻžāĻ° āĻ•āĻžāĻ°āĻŖ:

Volume-āĻāĻ° directory default-āĻ root owner āĻšāĻ¯āĻŧāĨ¤ āĻ•āĻŋāĻ¨ā§āĻ¤ā§ application non-root user āĻšāĻŋāĻ¸ā§‡āĻŦā§‡ āĻšāĻ˛āĻ˛ā§‡ āĻ¸ā§‡ write āĻ•āĻ°āĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡ āĻ¨āĻžāĨ¤

āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ ā§§ — Dockerfile-āĻ permission set āĻ•āĻ°ā§āĻ¨:

FROM node:18

# Non-root user āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§āĻ¨
RUN groupadd -r appgroup && useradd -r -g appgroup appuser

# Directory āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§‡ ownership āĻĻāĻŋāĻ¨
RUN mkdir -p /app/data && chown -R appuser:appgroup /app/data

# Non-root user āĻšāĻŋāĻ¸ā§‡āĻŦā§‡ switch āĻ•āĻ°ā§āĻ¨
USER appuser

WORKDIR /app
CMD ["node", "server.js"]

āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ ā§¨ — Entrypoint script āĻĻāĻŋāĻ¯āĻŧā§‡ runtime-āĻ fix āĻ•āĻ°ā§āĻ¨:

#!/bin/sh
# entrypoint.sh

# Volume directory-āĻ° ownership āĻ āĻŋāĻ• āĻ•āĻ°ā§āĻ¨
chown -R appuser:appgroup /app/data

# āĻāĻ°āĻĒāĻ° non-root user āĻšāĻŋāĻ¸ā§‡āĻŦā§‡ app āĻšāĻžāĻ˛ā§ āĻ•āĻ°ā§āĻ¨
exec su-exec appuser "$@"
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["node", "server.js"]

āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ ā§Š — docker run-āĻ user specify āĻ•āĻ°ā§āĻ¨:

# Host user-āĻāĻ° UID āĻĻāĻŋāĻ¯āĻŧā§‡ container āĻšāĻžāĻ˛āĻžāĻ¨
docker run -d \
  --user $(id -u):$(id -g) \
  -v myapp_data:/app/data \
  myimage

āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ ā§Ē — Docker Compose-āĻ:

version: "3.8"

services:
  app:
    image: myimage
    user: "1000:1000"  # UID:GID
    volumes:
      - myapp_data:/app/data

volumes:
  myapp_data:
    driver: local
    driver_opts:
      o: uid=1000,gid=1000  # Volume-āĻāĻ° default ownership

Best practice: Production-āĻ āĻ•āĻ–āĻ¨ā§‹ root user āĻĻāĻŋāĻ¯āĻŧā§‡ container āĻšāĻžāĻ˛āĻžāĻŦā§‡āĻ¨ āĻ¨āĻžāĨ¤ āĻ¸āĻŦāĻ¸āĻŽāĻ¯āĻŧ dedicated non-root user āĻ¤ā§ˆāĻ°āĻŋ āĻ•āĻ°ā§āĻ¨ āĻāĻŦāĻ‚ Dockerfile-āĻāĻ‡ permission āĻ āĻŋāĻ• āĻ•āĻ°ā§āĻ¨ — āĻāĻŸāĻŋ security āĻāĻŦāĻ‚ permission āĻ‰āĻ­āĻ¯āĻŧ āĻ¸āĻŽāĻ¸ā§āĻ¯āĻžāĻ° āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ āĻ•āĻ°ā§‡āĨ¤

⚙ī¸ 16. How do bind mounts work, and when should you use them?​

What is the risk of using bind mounts in production?​

How does a bind mount differ from a volume in terms of Docker management?​

How do you mount a configuration file from the host into a container?​