I am using this docker file to setup a server at Digital Ocean. I am getting the following errors
EACCES: permission denied, mkdir 'build/emails'
api_1_5a1c41662228 | EACCES: permission denied, mkdir 'build/routes'
api_1_5a1c41662228 | EACCES: permission denied, mkdir 'build/schema'
api_1_5a1c41662228 | EACCES: permission denied, mkdir 'build/utils'
api_1_5a1c41662228 | EACCES: permission denied, open 'build/Context.js'
and so on for a long time.
I have tried the following things
Chown almost everything there is to be.
Tried it on the different versions of OS
Read various blogs about Docker and giving it root access and tried those solutions.
I am using the most recent version of docker.
P.S. It runs perfectly on Mac. Sadly there are no Mac servers.
More info
ls -ltr on the folder
[root#relay-server-centos fusionauth-relay]# ls -ltr /usr/src/
total 0
drwxr-xr-x. 2 1001 1001 6 Apr 11 2018 kernels
drwxr-xr-x. 2 1001 1001 6 Apr 11 2018 debug
drwxr-xr-x. 3 1001 1001 19 Apr 5 11:24 app
I was able to resolve it right now using the root user, which is a really horrible way to do it. But I am out of ideas right now and any help would be welcomed.
Related
I'm trying to follow the Bazel docker tutorial. I had IT install docker on one of our redhat 7.9 machines and followed the steps of the tutorial and ran the following command:
docker run -e USER="11021" -u="11021" -v `pwd`/workspace:/src/workspace -v `pwd`/build_output:/tmp/build_output -w /src/workspace gcr.io/bazel-public/bazel:latest --output_user_root=`pwd`/build_output build //absl/...
FATAL: mkdir('/<path>/abseil/build_output'): (error: 13): Permission denied
When I look at the file system I see:
drwxrwxrwx 2 11021 users 4096 Feb 3 17:35 build_output
drwxrwxrwx 2 11021 users 4096 Feb 3 17:35 workspace
How do I debug what the problem is?
I'm new to Docker so I might not have some of the terminology correct. Inside the container I'm getting a permission denied error on a directory shared with the host. They appear to have matching uid:gid and the permissions host side are 777. The container is not for running in the background.
I'm using the container to run a big series of untrusted programs one at a time each needing the same initial conditions. So I don't think it's feasible to copy stuff into the docker image at build time. I felt the optimal thing to do is copy the programs one at a time to a temp directory on the host and then share that directory with the fresh container for each run. I also need to collect the output from the container-run programs and keep them on the host so I can see how each program's output differs from the others.
I have looked at the following questions/answers:
Docker: Copying files from Docker container to host
How to fix docker: Got permission denied issue - successfully used to make docker run as someone other than root
How do I add a user when I'm using Alpine as a base image? and Setting up a new user - used to create the user and group
I am:
running docker as an ordinary user uid 1000, gid 1000, also belonging to the group docker
setting permissions on the shared directory host side to be 777 with uid:gid as 1000:1000 which is the same as the user
setting the uid and gid inside the container to match uid and gid from the host
using the Dockerfile to create a uid and gid each of 1000
I read here that If the first argument begins with a / or ~/, you’re creating a bindmount. Remove that, and you’re naming the volume. So I tried both. The bindmount version seems to have the correct uid:gid but is permission denied, the volume version comes out as root:root.
As a newbie it's hard to know what information to share so here's everything I think might be useful:
Docker command attempt 1
[osboxes#osboxes tmp]$ pwd
/var/tmp
osboxes#osboxes tmp]$ whoami
osboxes
[osboxes#osboxes tmp]$ grep osboxes /etc/passwd
osboxes:x:1000:1000:osboxes.org:/home/osboxes:/bin/bash
[osboxes#osboxes tmp]$ groups
osboxes wheel vboxsf docker
[osboxes#osboxes tmp]$ grep osboxes /etc/group
wheel:x:10:osboxes
osboxes:x:1000:osboxes
vboxsf:x:981:osboxes
docker:x:1001:osboxes
[osboxes#osboxes tmp]$ ls -al
total 2
drwxrwxrwt. 11 root root 4096 Dec 31 12:13 .
drwxr-xr-x. 21 root root 4096 Jul 5 05:00 ..
drwxr-xr-x. 2 abrt abrt 6 Jul 5 05:00 abrt
drwxrwxrwx. 2 osboxes osboxes 6 Dec 31 12:13 host
continues...
[osboxes#osboxes tmp]$ docker run --rm -v /var/tmp/host:/var/tmp/container:rw \
--user appuser:appgroup --workdir /var/tmp/container \
-it alpine_bash_jdk11 /bin/bash
bash-5.0$ pwd
/var/tmp/container
bash-5.0$ ls -al
ls: can't open '.': Permission denied
total 0
bash-5.0$ ls -al ..
total 0
drwxrwxrwt 1 root root 23 Dec 31 12:51 .
drwxr-xr-x 1 root root 17 Dec 16 10:31 ..
drwxrwxrwx 2 appuser appgroup 6 Dec 31 12:13 container
bash-5.0$ whoami
appuser
bash-5.0$ groups
appgroup
bash-5.0$ grep appuser /etc/passwd
appuser:x:1000:1000:Linux User,,,:/home/appuser:/sbin/nologin
bash-5.0$ grep appuser /etc/group
appgroup:x:1000:appuser
Docker command attempt 2
everything as before except
for removing the qualified path to the host's
/var/tmp/host directory
docker run --rm -v host:/var/tmp/container:rw \
--user appuser:appgroup --workdir /var/tmp/container \
-it alpine_bash_jdk11 /bin/bash
bash-5.0$ pwd
/var/tmp/container
bash-5.0$ ls -al
total 0
drwxr-xr-x 2 root root 6 Dec 31 12:13 .
drwxrwxrwt 1 root root 23 Dec 31 13:03 ..
bash-5.0$ ls -al ..
total 0
drwxrwxrwt 1 root root 23 Dec 31 13:03 .
drwxr-xr-x 1 root root 17 Dec 16 10:31 ..
drwxr-xr-x 2 root root 6 Dec 31 12:13 container
bash-5.0$ whoami
appuser
bash-5.0$ groups
appgroup
bash-5.0$ echo hello from contanier > container.msg.txt
bash: container.msg.txt: Permission denied
Docker build command
as user osboxes
docker build -t alpine_bash_jdk11 .
Dockerfile
FROM alpine:latest
RUN apk --no-cache update
RUN apk add --no-cache bash
RUN apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
ENV JAVA_HOME="/usr/lib/jvm/default-jvm"
ENV PATH=$PATH:${JAVA_HOME}/bin
RUN addgroup -g 1000 -S appgroup && adduser -S appuser -G appgroup -u 1000
USER appuser
I haven't used docker compose because I'm still getting my head round basic docker.
Virtual Machine which is the Docker Host
CentOS 7.2003 from osboxes.org, organization's decision, not mine
Linux osboxes 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
I did a yum update, then yum installed all the stuff needed to install VirtualBox guest additions which is working ok
Docker version 1.13.1, build 0be3e21/1.13.1
Physical Host
Windows 10 64-bit
VirtualBox 6.1.4r136177
both these are the organization's decisions
tl;dr: had old version of docker due to wrong install command
The answer: install docker-ce instead of docker. Depending on your system that might be
sudo apt-get install -y docker-ce
or
sudo yum -y install docker-ce
instead of sudo apt-get install -y docker
or
sudo yum -y install docker
Solution: update docker
Having found this article I could see that I had the wrong version of docker. I justifiably thought the correct command was
sudo yum install -y docker
but it should have been docker-ce
I had to yum erase -y docker docker-common
Now I have Docker version 20.10.1, build 831ebea
Trying to lock a file in RHEL but seeing following issue
Stopped the services
service rpcbind stop
service nfslock stop
rm -rf /var/lib/nfs/statd/sm/*
rm -rf /var/lib/nfs/statd/sm.bak/*
service rpcbind start
service nfslock start
After this I'm using C program mentioned in https://community.microfocus.com/microfocus/cobol/net_express__server_express/w/knowledge_base/6215/c-program-to-validate-nfs-locking-ability
to :-
• Open File(Create)
• Lock File
• Close File
But seeing below errors
[root#mywebappsserver shared]$ ./nfs_lock
FATAL ERROR: Could not lock file
Even after restarting rpcbind and nfslock not seeing any entry under
# ls -l /var/lib/nfs/statd/sm/
Need your help in same
Fixed it after changing /var/lib permissions
Before:-
ls -ld lib
drwx------. 34 root root 4096 Jul 7 08:32 lib
After:-
ls -ld lib
drwxr-xr-x. 34 root root 4096 Jul 7 08:32 lib
UPDATE: This wasn't an issue when I setup my project on a Mac. I was using Fedora 24 in this problem.
I am trying to access my app in my docker instance. When I try and ls the mounted directory, I get a permission error:
root#591d02d0d6d2:/app#
ls: cannot open directory .: Permission denied
This is what my docker file looks like:
FROM pvlltvk/ubuntu-trusty-php-fpm-5.6
RUN apt-get install -y\
php5-curl \
php5-sybase \
freetds-dev \
libxml2-dev
ADD freetds.conf /etc/freetds/freetds.conf
USER root
RUN echo 'alias sf="php /app/app/console"' >> ~/.bashrc
WORKDIR /app
I know it's a permissions issue but I couldn't get any solutions to work. If I run ls -lh I can see that the owner id is 1000 and not root.
root#591d02d0d6d2:/# ls -lh
total 24K
drwxrwxr-x. 11 1000 1000 4.0K Dec 12 17:42 app //my project
drwxr-xr-x. 2 root root 4.0K Dec 13 08:25 bin
drwxr-xr-x. 2 root root 6 Apr 10 2014 boot
drwxr-xr-x. 5 root root 360 Dec 15 02:58 dev
This is the list of user permissions after logging them to the terminal:
➜ ~ ls -ld / /usr /usr/bin /usr/bin/manpath
drwxr-xr-x 33 root wheel 1190 Nov 14 08:49 /
drwxr-xr-x# 11 root wheel 374 Nov 7 09:12 /usr
drwxr-xr-x 1055 root wheel 35870 Nov 12 11:34 /usr/bin
lrwxr-xr-x 1 root wheel 3 Nov 5 18:13 /usr/bin/manpath -> man
And this is the error I receive when trying to update the permissions:
➜ ~ chmod 755 / /usr /usr/bin /usr/bin/*
chmod: Unable to change file mode on /usr/bin/apropos: Operation not permitted
chmod: Unable to change file mode on /usr/bin/at: Operation not permitted
This all began as an effort to debug the following zsh error:
zsh: command not found
I have tried resetting my $PATH variable to no avail. I've uninstalled and reinstalled zsh, run brew doctor, reinstalled node, etc. and am unsure where to proceed from here. The problems I am trying to fix are two-fold:
fix the PATH so that I can use commands (e.g.: ionic) from the
terminal
fix the permissions so I don't encounter any further
errors as I troubleshoot going forward
Can anyone offer guidance? Been trying to debug this for hours.
This my current PATH:
➜ ~ echo $PATH
echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin