I recently moved docker files from /var/lib/docker to /home/username/.docker. After that, when running docker, an error began to occur:
WARNING: Error loading config file: /home/username/.docker/config.json: open /home/username/.docker/config.json: permission denied
The problem is solved as follows:
sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
sudo chmod g+rwx "/home/$USER/.docker" -R
But when restarting the docker service or rebooting the system, the rights to the .docker folder automatically change to the root user and the error is repeated.
Related
I am using Docker and Docker Compose to manage my containers. For backup reasons, I previously had all my Docker files (volumes etc.) running on /home/docker which was symlinked via /var/lib/docker -> /home/docker.
After a while I decided to move my /home/docker directory to a different SSD using
$ cp -r /home/docker /my/new/ssd/docker
$ rm /var/lib/docker
$ ln -s /my/new/ssd/docker /var/lib/docker
$ rm -r /home/docker
which I fear changed all the permissions since I can't run most of the containers anymore due to permission issues.
Example:
Azuracast throws the following error:
{"level":"error","time":"2022-07-22T23:30:02.243","sender":"service","message":"error initializing data provider: open /var/azuracast/sftpgo/sftpgo.db: permission denied"}
where /var/azuracast is being stored on a docker volume.
I now want to restore all those permissions.
Is there a way to restore Docker permissions for all existing volumes or to tell Docker to take care of this?
What I tried so far:
I recursively changed all permissions to root:root using chown -R root:root /my/new/ssd/docker.
This problem is causing serious issues for my server environment and I'm aware that using cp -r instead of rsync -aAX was a huge mistake so I would greatly appreciate any help here.
Thanks a lot in advance.
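What cp -r drops compared with an archive copy (cp -a, or the rsync -aAX mentioned in the question), with a metadata check to run before the source is deleted. This is an added example, not part of the original post; the temporary tree and file names are constructed for illustration. Run unprivileged it shows the mode difference; ownership differences appear only when the copy is made as root.

```shell
#!/bin/sh
# Print "mode uid gid path" for every entry under a tree, sorted by path.
meta_listing() {
    ( cd "$1" && find . -exec stat -c '%a %u %g %n' {} + | sort -k4 )
}

# Succeeds only when both trees carry identical modes and numeric owners.
same_metadata() {
    [ "$(meta_listing "$1")" = "$(meta_listing "$2")" ]
}

# Build a small constructed tree, copy it both ways, and compare the metadata.
demo() {
    work=$(mktemp -d)
    (
        umask 077                            # restrictive umask, as is common for root shells
        mkdir -p "$work/src/volumes/db"
        echo data > "$work/src/volumes/db/app.db"
        chmod 775 "$work/src/volumes/db"     # group-writable, as a service might need
        chmod 664 "$work/src/volumes/db/app.db"
        cp -r "$work/src" "$work/plain"      # what the question used: new modes are cut by umask
        cp -a "$work/src" "$work/archive"    # preserves mode and timestamps (and owner when root)
    )
    same_metadata "$work/src" "$work/plain"   && plain=same   || plain=differs
    same_metadata "$work/src" "$work/archive" && archive=same || archive=differs
    rm -rf "$work"
    echo "cp -r: $plain, cp -a: $archive"
}
```

Calling same_metadata on the old and new locations before the final rm -r is the step that would have caught the problem while the original tree still existed.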
I have a script which must be run as a non-root user. This script also creates directories and files. If I run the script as a non-root user in docker, I get a permission denied error creating dirs. I tried to chmod the parent directory the script is in but it doesn't work. What should be the best practice here?
RUN mkdir test
WORKDIR /test
USER testuser
RUN mkdir .cache <--- permission denied
That happens because your /test directory was created by root, and by default won't allow any other users to create anything in it. To change ownership to the user you want, you can use chown before your USER testuser step:
RUN chown testuser /test
If there are already files inside the directory, you will need to pass the -R flag to change the permission recursively:
RUN chown -R testuser /test
Another option would be giving the directory read+write+execute permissions for all users. However, this is probably NOT what you want; the above should serve you well for almost all cases.
RUN chmod 777 /test
I'm trying to build a Docker image using a user other than root. My Dockerfile looks like
FROM ruby:2.7.1-alpine3.12
...
# Add user
RUN addgroup --system cetacean && \
adduser --system mobydick --ingroup cetacean --no-create-home
USER mobydick
...
# Copy startup files
COPY --chown=mobydick:cetacean docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY --chown=mobydick:cetacean docker/docker-entrypoint.d/* /docker-entrypoint.d/
COPY --chown=mobydick:cetacean docker/docker-entrypoint.sh /docker-entrypoint.sh
But, when I try to start a container I get:
ERROR: for app Cannot start service app: OCI runtime create failed:
container_linux.go:349: starting container process caused "exec:
"/docker-entrypoint.sh": permission denied": unknown
From my understanding, using --chown=mobydick:cetacean when copying the files should set the appropriate permissions.
What am I missing here?
What is the version of Docker you are using? This works only for version v17.09.0-ce and newer, as explained here. If you are using an older version, you can copy and then change the permission.
I have Dockerfile as shown here.
A script in the entrypoint creates a directory and places few artifacts.
# from base image
FROM ......
RUN mkdir -p /home/myuser
RUN groupadd -g 999 myuser &&\
useradd -r -u 999 -g myuser myuser
ENV HOME=/home/myuser
ENV APP_HOME=/home/myuser/workspace
RUN mkdir $APP_HOME
WORKDIR $APP_HOME
RUN chown -R myuser:myuser $APP_HOME
USER myuser
ENTRYPOINT ......
I start a container for the above image as shown here
sudo docker run -v ${WORKSPACE}/output:/home/myuser/workspace/output image
I could not get the artifacts on the host machine. ${WORKSPACE}/output was created with permission drwxr-xr-x.
What is the process to get the container files into the host machine?
Additional Info:
My host username is kit
container user is myuser
The container works perfectly fine, but at the time of creating the output file it throws a Permission denied error.
I tried to give full permission drwxrwxrwx to ${WORKSPACE}/output. Then I could see the output files.
The permission denied error is because you are running a container with uid 999, but trying to write to a host directory that is owned by uid 1000 and only configured to allow writes by the user. You can:
chmod the directory to allow anyone to write (not recommended, but quick and easy)
update your image to match the uid/gid of your user on the host
switch to using a named volume
use an entrypoint to align the container uid/gid to that of a volume mount before starting your app
I go into a bit more detail on these in my slides here. There are also some speaker notes in there (I believe either P or S will bring them up).
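The last option in the answer above (an entrypoint that aligns the container uid/gid with the volume mount), sketched as an added example that is not part of the original answer or its slides. It assumes gosu is installed in the image, that the Dockerfile no longer has the USER myuser line so the entrypoint starts as root, and that the user, group and paths are the ones from the question.

```shell
#!/bin/sh
# Added example: run as root only long enough to align the image user with the
# owner of the bind mount, then drop privileges before starting the application.
APP_USER="${APP_USER:-myuser}"                    # user and group name from the question
APP_HOME="${APP_HOME:-/home/myuser/workspace}"    # set by ENV in the question's Dockerfile
MOUNT_DIR="${MOUNT_DIR:-$APP_HOME/output}"        # target of the -v bind mount

# Print "uid:gid" of the owner of a path (GNU coreutils or busybox stat).
owner_of() {
    stat -c '%u:%g' "$1"
}

# Decide what to do from the mount owner ($1) and the app user's ids ($2),
# both given as "uid:gid". Prints keep, remap or refuse.
plan_remap() {
    mount_uid=${1%%:*}
    mount_gid=${1##*:}
    if [ "$mount_uid" -eq 0 ] || [ "$mount_gid" -eq 0 ]; then
        echo refuse      # never turn the app user into root or the root group
    elif [ "$1" = "$2" ]; then
        echo keep
    else
        echo remap
    fi
}

align_and_exec() {
    owner=$(owner_of "$MOUNT_DIR") || exit 1
    app_ids="$(id -u "$APP_USER"):$(id -g "$APP_USER")"
    case "$(plan_remap "$owner" "$app_ids")" in
        remap)
            groupmod -o -g "${owner##*:}" "$APP_USER"
            usermod -o -u "${owner%%:*}" "$APP_USER"
            # Not recursive: files on the host side of the mount stay untouched.
            chown "$APP_USER:$APP_USER" "$APP_HOME"
            ;;
        refuse)
            echo "entrypoint: $MOUNT_DIR is owned by root ($owner), not remapping" >&2
            ;;
    esac
    exec gosu "$APP_USER" "$@"   # drop privileges, then run the image command
}

# With no command there is nothing to start, so the functions can be loaded alone.
[ "$#" -eq 0 ] || align_and_exec "$@"
```

With the question's ids, a mount owned by 1000:1000 and an image user of 999:999 yields remap, so the process ends up writing as the host user's uid instead of needing drwxrwxrwx on the host directory.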
I'm trying to write a Dockerfile file to run Pydio community edition. I've an almost working Dockerfile.
RUN mv pydio-core-${PYDIO_VERSION} /var/www/pydio-core
RUN chmod -R 770 /var/www/pydio-core
RUN chmod -R 777 /var/www/pydio-core/data/files/ /var/www/pydio-core/data/personal/
RUN chown -R www-data:www-data /var/www/pydio-core
VOLUME /var/www/pydio-core/data/files
VOLUME /var/www/pydio-core/data/personal
This works except that when the container is started for the first time, the access rights of the files and personal folders are 755 and their owner is not www-data but 1000. So once started, I must connect to the container to fix permissions (770) and ownership (www-data) and everything works.
I just wonder if there may be something in my Dockerfile which could explain the problem, or if the issue probably comes from the Pydio source code itself.