So far I have not had this problem. I am running a container image in a remote workstation. Different than normal, this workstation is not connected to the internet and I had to initiate the docker deamon manually. (for reference)
After this to run the container I tried to do
docker run -it -t --rm --gpus all --env CUDA_VISIBLE_DEVICES -v "/mnt/disco/projects/ThisProject/:/home/ThisProject/" -w "/
home/ThisProject/" container_image:latest /bin/bash
When I do this I got into the container on folder /home/ThisProject with root user but I cannot ls here. I do cd .. and ls -l and I can see that the ThisProject folder has this
drwxrws--- 7 nobody nogroup 4096 Jul 21 07:30 ThisProject
As you can see the owner is "nobody"
What can I do to correct this?
Related
I want to provide write access to a non-root user in a docker container for a volume mounted on the host. I have the same non-root user and group inside container and host as well.
While running the container, I mount a host volume to it -v /some/folder:/some/folder. I am doing this because my application running inside the docker container needs to write files to the mounted host folder. But since I am running my application as a non-root user, it doesn’t have permission to write to that folder.
Also, I this mounted folder permission is got changed inside the container automatically.
I have given assigned below user and group as an owner to this folder on the host:
“nonrootuser1:nonrootgroup1”
For 'rootful' docker it works fine, but if it's rootless inside the container it is showing below user and group as an owner to this folder:
“root:nobody”
Steps to reproduce this:
Add user and group on the host
groupadd -g 1015 nonrootgroup1
useradd -u 1099 nonrootuser1
Create dir which will be assigned to osquery groupadd on the host:
sudo su
mkdir -p /var/osquery/sock
echo "hello world" > /var/osquery/sock/file.txt
chown root:nonrootgroup1 /var/osquery/sock
chmod g+s /var/osquery/sock/
Create Dockerfile in the home directory :
FROM alpine:3.14
RUN addgroup -g 1015 -S nonrootgroup1
RUN adduser -D nonrootuser1 -u 1099
USER nonrootuser1:nonrootgroup1
CMD ["tail", "-f", "/dev/null"]
Run docker container :
docker run --rm -d --name sample-app -v /var/osquery/sock:/var/osquery/sock $(docker build . -q)
Check the user id of the container :
dmytro#dmytro:~/dev/sample-image$ docker exec sample-app id
uid=1099(nonrootuser1) gid=1015(nonrootgroup1) groups=1015(nonrootgroup1)
check the permissions to the /var/osquery/sock dir inside the container :
Directory /var/osquery/sock is assigned to group 'nobody' instead of 'nonrootgroup1' group
dmytro#dmytro:~/dev/sample-image$ docker exec sample-app ls -lah /var/osquery
total 12K
drwxr-xr-x 3 root root 4.0K Dec 28 10:47 .
drwxr-xr-x 1 root root 4.0K Dec 28 10:47 ..
drwxr-s--- 2 nobody nobody 4.0K Dec 28 09:34 sock
Host details are mentioned below:
Kernel Version: 5.4.0-135-generic
Operating System: Ubuntu 20.04.5 LTS
Storage Driver: overlay2
Please suggest.
Thanks!
I tried to setup in the daemon.json "userns-remap" config, but docker daemon doesn't start with it, because it lacks permission to create dockremap user and group.
I'm trying to run a simple docker container with a python base image to control the LEDs on my RPi4.
The Dockerfile compiles fine and I'm running it as follows:
docker run --rm -ti --privileged --device /dev/gpiomem:/dev/gpiomem -d led_blinker bash
Once inside the docker container I run a ls -l /dev/gpiomem and I get
root#ca1506d00cc5:/# ls -l /dev/gpiomem
crw-rw---- 1 nobody nogroup 246, 0 Dec 30 21:47 /dev/gpiomem
I try to do
root#ca1506d00cc5:/# chown root.root /dev/gpiomem
chown: changing ownership of 'dev/gpiomem': Operation not permitted
But when I run a whoami I get I'm the root user. What is that I'm missing?
PS. I have also added the flag --user root and got the same results.
This question already has answers here:
I lose my data when the container exits
(11 answers)
Closed 3 years ago.
I pulled Ubuntu image using docker pull.
I connect to the container using docker exec and then create a file and then exit.
Again, when I execute docker exec file is lost.
How to maintain the file in that container, I have tried dockerfile and tagging docker images, it works.
But, is there any other way to maintain the files in docker container for a longer time?
One option is to commit your changes. After you've added the file, and while the container is still running, you should run:
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Another option, maybe you'll want to use a volume, but that depends on your logic and needs.
The best way to persist content in containers its with Docker Volumes:
╭─exadra37#exadra37-Vostro-470 ~/Developer/DevNull/stackoverflow
╰─➤ sudo docker run --rm -it -v $PWD:/data ubuntu
root#00af7ccf1d3b:/# echo "Persits data with Docker Volumes" > /data/docker-volumes.txt
root#00af7ccf1d3b:/# cat /data/docker-volumes.txt
Persits data with Docker Volumes
root#00af7ccf1d3b:/# exit
╭─exadra37#exadra37-Vostro-470 ~/Developer/DevNull/stackoverflow
╰─➤ ls -al
total 12
drwxr-xr-x 2 exadra37 exadra37 4096 Nov 25 15:34 .
drwxr-xr-x 8 exadra37 exadra37 4096 Nov 25 15:33 ..
-rw-r--r-- 1 root root 33 Nov 25 15:34 docker-volumes.txt
╭─exadra37#exadra37-Vostro-470 ~/Developer/DevNull/stackoverflow
╰─➤ cat docker-volumes.txt
Persits data with Docker Volumes
The docker command explained:
sudo docker run --rm -it -v $PWD:/data alpine
I used the flag -v to map the current dir $PWD to the /data dir inside the container
inside the container:
I wrote some content to it
I read that same content
I exited the container
On the host:
I used ls -al to confirm that the file was persisted to my computer.
I confirmed could access that same file in my computer filesystem.
I can't mount directory. I'm using linux containers on win10.
docker run --rm -v c:\users\pperak:/data alpine ls /data -la
docker run --rm -v /c/users/pperak:/data alpine ls /data -la
ls -la returns
drwxr-xr-x 2 root root 40 Feb 14 15:29 .
drwxr-xr-x 1 root root 4096 Feb 14 15:33 ..
https://docs.docker.com/storage/bind-mounts/ says not to use --volume and use --mount instead
docker run --rm --mount type=bind,source=c:\users\pperak,target=/data alpine ls /data -la
docker run --rm --mount type=bind,source=/c/users/pperak,target=/data alpine ls /data -la
But this also doesn't work.
What am I doing wrong?
After spending half a day on it I reminded myself that I once had similar problem. Some files not visible and other visible as folders after adding Docker volume
(Some files not visible and other visible as folders after adding Docker volume)
It didn't work because I changed password and after you change your password you need to disable sharing drives and enable it again. You will be asked for your password then and it will work again.
I'm developing a symfony application with docker.
I' sharing a host volume which it's supposed to contain my project that should be run with apache.
docker run -d -ti --name web -p 80:80 -v /Users/Matteo/Documents/em3:/var/www/html/applications ubuntu /bin/bash
As a base image I've used ubuntu, on which I've installed apache and PHP7. Everything works, but when I enter into my docker:
docker exec -it web /bin/bash
root#85a23559d01b:/var/www/html/applications/auth# app/console cache:clear --env=dev
[Symfony\Component\Filesystem\Exception\IOException]
Failed to remove directory "/var/www/html/applications/auth/app/cache/de~/jms_serializer": .
This is maybe because the dir permissions?:
root#85a23559d01b:/var/www/html/applications/auth/app# ls -al | grep cache
drwxr-xr-x 1 1000 staff 374 Oct 30 21:50 cache
chmod does no change anything though:
root#85a23559d01b:/var/www/html/applications/auth/app# chmod g+w cache
root#85a23559d01b:/var/www/html/applications/auth/app# ls -al | grep cache
drwxr-xr-x 1 1000 staff 374 Oct 30 21:50 cache
I guess I'm missing something. Any help would be appreciated
As commented in symfony issue 2600
you can "easily" reproduce this if you use a Linux VirtualBox on a Windows host.
[And that might be the case here, using boot2docker from Docker Toolbox, instead of Docker for Windows and its Hyper-V]
cache:clear is never able to remove app/cache/dev_old - but that may be an issue with the shared folder system provided by VirtualBox (read about similar issues on their forums).
You have to upgrade VirtualBox Guest Additions
The OP Bertuz points out in the comments to "Changing boot2docker to use NFS for local mounts in OS X" and its file-nfs-mount-boot2docker-sh gist (and a more recent one).