Develop Reference

permission denied creating directories as non-root in docker

I have a script which must be run as a non-root. This script also creates directories and files. If I run the script as a non-root user in docker, I get a permission denied error creating dirs. I tried to chmod the parent directory the script is in but it doesn't work. What should be the best practice here?
RUN mkdir test
WORKDIR /test
USER testuser
RUN mkdir .cache <--- permission denied

That happens because your /test directory was created by root, and by default won't allow any other users to create anything in it. To change ownership to the user you want, you can use chown before your USER testuser step:
RUN chown testuser /test
If there are already files inside the directory, you will need to pass the -R flag to change the permission recursively:
RUN chown -R testuser /test
Another option would be giving the directory red+write+execute permissions for all users. However, this is probably NOT what you want, the above should serve you well for almost all cases.
RUN chmod 777 /test

Kafka-connect docker image built as appuser - how to build it as root?

I am trying to build a Kafka-Connect image in Docker:
FROM confluentinc/cp-kafka-connect
RUN confluent-hub install --no-prompt wepay/kafka-connect-bigquery:1.6.1
RUN confluent-hub install --no-prompt confluentinc/connect-transforms:latest
RUN mkdir -p /usr/share/landoop-plugins
COPY kafka-connect-redis-1.2.2-2.1.0-all.jar /usr/share/landoop-plugins/
but it runs as appuser
Step 4/4 : RUN id
---> Running in d2094f6336a7
uid=1000(appuser) gid=1000(appuser) groups=1000(appuser)
so if I want for example
RUN mkdir -p /usr/share/landoop-plugins
it stops because of root privilages:
mkdir: cannot create directory '/usr/share/landoop-plugins': Permission denied
The command '/bin/sh -c mkdir -p /usr/share/landoop-plugins' returned a non-zero code: 1
I can add USER root at the beginning of Dockerfile:
Step 3/15 : RUN id
---> Running in 6255e2e7ff81
uid=0(root) gid=0(root) groups=0(root)
but then if I ran the container, I am logged as appuser which causes problems with permissions:
[appuser#connect ~]$.
Actually, in source image
confluentinc/cp-kafka-connect:6.0.0
there is a layer USER appuser so my question is how can I build my image as root and then login as root and do not use appuser user. I've tried and USER root does not help.
Is it somehow connected with groups?
groups
gignac sudo docker
I tried docker build and sudo docker build as well

I do something similar, when I need to create my own plugin to Kafka Connect but I don't exactly do it as root.
Simply I put my jars in a place I have permission to write and just configure the plugins Environment Setting
something like this:
FROM confluentinc/cp-kafka-connect:5.5.2
ENV CONNECT_PLUGIN_PATH='/usr/share/java,/usr/share/confluent-hub-components'
COPY converter/* /usr/share/java/kafka-serde-tools/
COPY format/* /usr/share/java/kafka-connect-storage-common/
would this not work?

For installing packages and troubleshooting, we would require root user. Using version 5.5.3 does the trick wherein the APPUSER is not created and root is loaded by default.
The version can be verified by
http://localhost:8083/connectors
which provides the version details.

Docker RUN Not Finding an Executable File

I am having issues setting up a Dockerfile in Ubuntu. I tried the following command:
sudo docker build -t chaste .
But when it reaches to the following command:
RUN chmod +x chaste.sh && ./chaste.sh -q && rm -f chaste.sh
I get the following error:
chmod: cannot access 'chaste.sh': No such file or directory
However, chaste.sh is in the current directory. I am not sure why it complains about not being able to find it.
I would appreciate it if someone could help me out.

To use the file from current directory you should add it from build context to the container by adding the following command above RUN command in your Dockerfile:
ADD ./chaste.sh ./chaste.sh

mkdir: cannot create directory '/ffa_app': Permission denied

I am trying to create a Dockerfile for an app which I want to run inside the docker. I am running the app using the command activator run.
and this command is inside the file structure
xyz\Desktop\ffa_predix\activator-1.2.10.
So, I have gone inside the file and put my Dockerfile there with the following content.
FROM jboss/base-jdk:7
RUN mkdir -p /ffa_app
COPY . /ffa_app
WORKDIR /ffa_app
CMD ["activator" , "run"]
EXPOSE 9000
But after going to the second line it's giving me the error:
mkdir: cannot create directory '/ffa_app': Permission denied.

The user set by the base image is jboss, so you have 2 options:
create and work in the user's home folder mkdir -p ~/ffa_app
set USER root at the top of your Dockerfile, after the FROM statement
Needless to say, I'd recommend sticking to a user with lower privileges.

Error checking context is accessible: 'can't stat '.gvfs''. Please check permissions and try again

I created a Dockerfile in my root.
FROM ubuntu:12.04
MAINTAINER Bhim Singh <bhim3003#gmail.com>
RUN apt-get y install java
CMD echo hello
then i tried to run this command : sudo docker build -t bhim3003/myjava .
I am recieving this error:
" Error checking context is accessible: 'can't stat '.gvfs''. Please
check permissions and try again."
And docker image is not created. Any suggestions?

I faced the same issue while working with boot2docker on Windows 7. However I was able to build it successfully after moving dockerfile outside home directory.

In my case this issue is occurred because when we call docker build all files searched in working directory and as docker does not run with administrator privilege cannot access to some files and this error generated.
Solution:
Move to directory which all user can accessed (for example: /c)
Create new directory (sep)
Create Dockerfile in new directory
Run build
commands:
$ cd /c
$ mkdir sep
$ cd sep
$ touch Dockerfile
# vi Dockerfile
# docker build -t fahsep/debian