Docker not mounting volume - docker

Here is the situation on a clean docker-machine environment:
➜ momestock docker-machine start momestock
Started machines may have new IP addresses. You may need to re-run the `docker-machine env` command.
➜ momestock eval "$(docker-machine env momestock)"
➜ momestock echo 'Helo world!' > hello.txt
➜ momestock ls -la
total 12
drwxr-xr-x 2 andrea andrea 4096 Oct 30 11:33 .
drwxr-xr-x 16 andrea andrea 4096 Oct 29 19:49 ..
-rw-r--r-- 1 andrea andrea 12 Oct 30 11:39 hello.txt
➜ momestock pwd
/home/andrea/projects/momestock
➜ momestock docker run -v /home/andrea/projects/momestock:/tmp busybox ls -la /tmp
total 4
drwxr-xr-x 2 root root 40 Oct 30 10:39 .
drwxr-xr-x 18 root root 4096 Oct 30 10:39 ..
➜ momestock
Is that a permissions problem? Or uids?
The problem appears with busybox but also every other container.
EDIT [SOLVED]:
Looks like it's docker-machine's normal behavior not to bind mount.

What OS do you use? Try adding 777 permissions just to check.

I just found out that docker-machine doesn't bind mount. It's the expected behavior.

Related

lxc Container (Proxmox) Nextcloud problem

I created an LXC container with Proxmox using
https://www.turnkeylinux.org/download?file=turnkey-nextcloud-17.1-bullseye-amd64.iso
I have mounted a hard disk on the Proxmox host system with
root@pve:/mnt/nas/data# pct set 101 -mp0 /mnt/nas,mp=/mnt/nextcloud
But I have a problem: the folder permissions are nobody:nogroup and I can't change them as the root user inside the LXC container.
The www-data user/group exist in the LXC container, but they do not appear in the command output.
This is from the Proxmox system:
root@pve:/mnt/nas# ls -la
total 29
drwxr-xr-x 5 root root 4096 Jan 9 13:53 .
drwxr-xr-x 3 root root 3 Jan 14 12:10 ..
drwxr-xr-x 2 root root 4096 Jan 3 08:01 code
drwxr-x--- 10 www-data www-data 4096 Jan 9 23:05 data
drwx------ 2 root root 16384 Nov 24 10:39 lost+found
root@pve:/mnt/nas# cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
UUID=7a2cccf9-745c-462a-acf8-80bca216da85 /mnt/nas ext4 defaults 0 1
root@pve:/mnt/nas#
From the LXC container it is this:
root@Nextcloud /mnt# ls
nextcloud
root@Nextcloud /mnt# ls -la
total 13
drwxr-xr-x 3 root root 3 Jan 14 11:14 .
drwxr-xr-x 17 root root 23 Jan 14 11:09 ..
drwxr-xr-x 5 nobody nogroup 4096 Jan 9 12:53 nextcloud
root@Nextcloud /mnt# chown -R www-data:www-data /mnt/nextcloud/data/
chown: cannot read directory '/mnt/nextcloud/data/': Permission denied
root@Nextcloud /mnt# chown -R root:root /mnt/nextcloud/data/
chown: cannot read directory '/mnt/nextcloud/data/': Permission denied
root@Nextcloud /mnt# groups
root
root@Nextcloud /mnt# addgroup www-data
addgroup: The group `www-data' already exists.
root@Nextcloud /mnt#
How can I solve that problem?
########################
LXC uses linux namespaces to separate user IDs from the host. By default the UID 0 (root) inside the container is seen as UID 100000 by the Proxmox host. That's why the directory you're bind-mounting, which is owned by www-data (UID 33) from the host perspective is nobody:nogroup inside the container.
There are a couple ways to deal with this, but my preferred method, if you can get away with it, is to change the owner of the directory from the host to the desired UID + 100000. So in this case, do chown -R 100033:100033 /mnt/nas and that should give you the desired permissions in the container.
If it's important to keep the permissions as they are from the host perspective, try using an ID map (there's a good description in the Proxmox wiki: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers; and also a website to help calculate the proper UID numbers: https://proxmox-idmap-helper.nieradko.com/)
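The numbers behind both fixes in the answer above, as an added example (this script is not from the thread or from Proxmox): `shifted_id` gives the host-side id to chown to under the default 100000 shift, and `gen_idmap` prints the lxc.idmap lines that pin one container id (www-data = 33) to the same id on the host while every other id keeps the shift, plus the /etc/subuid and /etc/subgid entries LXC requires before it accepts that mapping. It assumes the Proxmox defaults of base 100000 and a range of 65536 ids; both can be overridden as the third and fourth argument.

```shell
#!/bin/sh
# Added example, not part of the thread above. Proxmox gives an unprivileged
# container the default shift "u 0 100000 65536": container uid N is host
# uid 100000+N. Assumption: default base 100000 and range 65536.

# Host uid/gid that container id $1 shows up as under the default shift.
# On the host: chown -R "$(shifted_id 33):$(shifted_id 33)" /mnt/nas
shifted_id() {
  echo $(( ${2:-100000} + $1 ))
}

# Emit the lxc.idmap entries for /etc/pve/lxc/<ctid>.conf plus the
# /etc/subuid and /etc/subgid lines without which LXC refuses the mapping.
# usage: gen_idmap CT_ID HOST_ID [BASE] [RANGE]
gen_idmap() {
  ct=$1; host=$2; base=${3:-100000}; range=${4:-65536}
  if [ "$ct" -lt 0 ] || [ "$ct" -ge "$range" ]; then
    echo "container id $ct is outside 0..$((range - 1))" >&2
    return 1
  fi
  for kind in u g; do
    # ids below the pinned one keep the default shift
    if [ "$ct" -gt 0 ]; then
      echo "lxc.idmap: $kind 0 $base $ct"
    fi
    # the pinned id maps 1:1 onto the chosen host id
    echo "lxc.idmap: $kind $ct $host 1"
    # ids above it resume the shift, skipping the pinned slot, so the
    # last mapped host id is still base+range-1
    rest=$(( range - ct - 1 ))
    if [ "$rest" -gt 0 ]; then
      echo "lxc.idmap: $kind $((ct + 1)) $((base + ct + 1)) $rest"
    fi
  done
  # root on the host must be allowed to delegate HOST_ID itself
  echo "# add to /etc/subuid: root:$host:1"
  echo "# add to /etc/subgid: root:$host:1"
}

# Usage: sh idmap.sh 33 33   (copy the lxc.idmap lines into the CT config)
if [ $# -ge 2 ]; then
  gen_idmap "$1" "$2" "${3:-}" "${4:-}"
fi
```

With the idmap in place the directory stays www-data:www-data (33) on the host as well, so host-side tools and backups keep working; with the plain chown to 100033 the host sees an unnamed uid instead. Either way the container must be restarted for the mapping to take effect.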
root@Nextcloud ~# cd /mnt
root@Nextcloud /mnt# ls
nextcloud
root@Nextcloud /mnt# cd nextcloud/
root@Nextcloud /mnt/nextcloud# ls
code data lost+found
root@Nextcloud /mnt/nextcloud# cd data/
root@Nextcloud .../nextcloud/data# ls
Biene appdata_oczb14gwpmn2 flow.log nextcloud.log.1
Meltymon audit.log flow.log.1 owncloud.db
__groupfolders biene index.html updater-oczb14gwpmn2
appdata_ochaal06qhnm files_external nextcloud.log updater.log
root@Nextcloud .../nextcloud/data# cd ..
root@Nextcloud /mnt/nextcloud# ls -la
total 29
drwxr-xr-x 5 www-data www-data 4096 Jan 9 12:53 .
drwxr-xr-x 3 root root 3 Jan 14 11:14 ..
drwxr-xr-x 2 www-data www-data 4096 Jan 3 07:01 code
drwxr-x--- 10 www-data www-data 4096 Jan 9 22:05 data
drwx------ 2 www-data www-data 16384 Nov 24 09:39 lost+found
root@Nextcloud /mnt/nextcloud#
Nice, it works!
I had to install sudo to reinitialize the database and folders:
sudo -u www-data php occ files:scan --all
sudo -u www-data php occ db:add-missing-indices
And give the occ file the x permission:
chmod +x /var/www/nextcloud/occ
Thank you so much, I've searched the whole day for a solution with Google but didn't find anything like that.

Docker: file permissions with --volume bind mount

I'm following the guidelines from: https://denibertovic.com/posts/handling-permissions-with-docker-volumes/ to set up a --volume bind mount in my container and create a user in the guest container with the same UID as my host user - the theory being that my container user should be able to access the mount. It's not working for me and I'm looking for some pointers to try next.
More background details:
My Dockerfile starts from an alpine base and adds python dev packages. It copies across an entrypoint.sh script per the guidelines from denibertovic. It then jumps to the entrypoint.sh script.
FROM alpine
RUN apk update
RUN apk add bash
RUN apk add python3
RUN apk add python3-dev
RUN apk add su-exec
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
The entrypoint.sh script adds a user to the container with the UID passed in as an environment variable.
#!/bin/bash
# Add local user
# Either use the LOCAL_USER_ID if passed in at runtime or
# fall back to 9001
USER_ID=${LOCAL_USER_ID:-9001}
echo "Starting with UID : $USER_ID"
# BusyBox adduser: -s shell, -u uid, -H no home directory, -D no password
adduser -s /bin/bash -u "$USER_ID" -H -D user
export HOME=/home/user
# su-exec replaces this shell with the command, running as "user"
su-exec user "$@"
The container builds no problem.
I then run it with the following command line:
sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws django-runtime /bin/bash
You'll see that I'm passing in my host UID to be mapped to the container user's UID and I'm asking for a volume bind mount from my local working directory to the /ws mountpoint in the container.
From the bash shell inside the container I can see that /ws is owned by the 'user' UID matching my own 'id'. However, when I go to list the contents of /ws I get a Permission Denied error as follows:
[dleclair@localhost runtime]$ sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws django-runtime /bin/bash
[sudo] password for dleclair:
Starting with UID : 1000
bash-5.0$ id
uid=1000(user) gid=1000(user) groups=1000(user)
bash-5.0$ ls -la .
total 0
drwxr-xr-x 1 root root 27 Feb 8 09:15 .
drwxr-xr-x 1 root root 27 Feb 8 09:15 ..
-rwxr-xr-x 1 root root 0 Feb 8 09:15 .dockerenv
drwxr-xr-x 1 root root 18 Feb 8 07:44 bin
drwxr-xr-x 5 root root 360 Feb 8 09:15 dev
drwxr-xr-x 1 root root 91 Feb 8 09:15 etc
drwxr-xr-x 2 root root 6 Jan 16 21:52 home
drwxr-xr-x 1 root root 17 Jan 16 21:52 lib
drwxr-xr-x 5 root root 44 Jan 16 21:52 media
drwxr-xr-x 2 root root 6 Jan 16 21:52 mnt
drwxr-xr-x 2 root root 6 Jan 16 21:52 opt
dr-xr-xr-x 119 root root 0 Feb 8 09:15 proc
drwx------ 2 root root 6 Jan 16 21:52 root
drwxr-xr-x 1 root root 21 Feb 8 07:44 run
drwxr-xr-x 1 root root 21 Feb 8 08:22 sbin
drwxr-xr-x 2 root root 6 Jan 16 21:52 srv
dr-xr-xr-x 13 root root 0 Feb 8 01:58 sys
drwxrwxrwt 2 root root 6 Jan 16 21:52 tmp
drwxr-xr-x 1 root root 19 Feb 8 07:44 usr
drwxr-xr-x 1 root root 19 Jan 16 21:52 var
drwxrwxr-x 5 user user 111 Feb 8 02:15 ws
bash-5.0$
bash-5.0$
bash-5.0$ cd /ws
bash-5.0$ ls -la
ls: can't open '.': Permission denied
total 0
bash-5.0$
Appreciate any pointers anyone can offer. Thanks!
After more searching I found the answer to my problem here: Permission denied on accessing host directory in Docker and here: http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/.
In short, the problem was with the SELinux default labels for the volume mount blocking access to the mounted files. The solution was to add a ':Z' trailer to the -v command line argument to force docker to set the appropriate flags against the mounted files to allow access.
The command line therefore became:
sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws:Z django-runtime /bin/bash
Worked like a charm.
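A launcher for the command in the answer above, added here as an example (not code from the question or from the linked posts). It adds the `:Z` suffix only when SELinux is actually enforcing, and refuses to relabel paths such as `/home` or `/`, because `:Z` and `:z` relabel everything underneath the directory and doing that to a system directory can break other confined services on the host. The image name `django-runtime`, the `/ws` mount point and the `LOCAL_USER_ID` convention are taken from the question; `getenforce` is the standard SELinux utility.

```shell
#!/bin/sh
# Added example, not from the thread above. Assumptions: image django-runtime,
# mount point /ws and the LOCAL_USER_ID entrypoint convention as in the
# question; getenforce reports the SELinux mode.

# Suffix for the -v argument, given the output of getenforce.
# ":Z" labels the content private to this one container (container_file_t
# with the container's own MCS category); ":z" would label it shared, which
# any other container could then read. Permissive gets the same label so the
# audit log stays free of AVC denials.
selinux_suffix() {
  case "$1" in
    Enforcing|Permissive) echo ":Z" ;;
    *)                    echo "" ;;
  esac
}

# The relabel is recursive; allow only paths at least two directory levels
# deep (e.g. /home/user/src), after resolving "..", symlinks and trailing
# slashes, so /, /home, /usr and the like are rejected.
safe_to_relabel() {
  p=$(realpath -m "$1" 2>/dev/null || printf '%s' "$1")
  p=$(printf '%s' "$p" | sed 's:/*$::')
  case "$p" in
    /*/*) return 0 ;;
    *)    return 1 ;;
  esac
}

# usage: run_with_workspace /home/dleclair/src [/ws] [image]
run_with_workspace() {
  src=$1; dst=${2:-/ws}; image=${3:-django-runtime}
  mode=$(getenforce 2>/dev/null || echo Disabled)
  suffix=$(selinux_suffix "$mode")
  if [ -n "$suffix" ] && ! safe_to_relabel "$src"; then
    echo "refusing to relabel '$src': too close to the filesystem root" >&2
    return 2
  fi
  exec docker run -it --rm -e LOCAL_USER_ID="$(id -u)" \
    -v "$src:$dst$suffix" "$image" /bin/bash
}

if [ $# -gt 0 ]; then
  run_with_workspace "$@"
fi
```

After a run, `ls -Z` on the host directory shows the new `container_file_t` label; it stays there when the container exits, which is fine for a project checkout but is the reason the script will not relabel a whole home directory.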

Issue with Copying SSH Key to Container

I'm trying to copy my local private SSH key into a container, using a volume mount at run time. Like so:
rick@LAPTOP-D5547FDI:~/workspaces/ansible$ docker run -v /c/Users/rick/.ssh/:/root/.ssh/:ro -d -t rickd3/ansible:latest
However, when I go into the container there are no files present (??)
rick@LAPTOP-D5547FDI:~/workspaces/ansible$ ls -l ~/.ssh/
total 12
-rw------- 1 rick rick 1675 Feb 3 20:37 id_rsa
-rw-r--r-- 1 rick rick 402 Feb 3 20:37 id_rsa.pub
-rw-r--r-- 1 rick rick 2434 Feb 6 20:37 known_hosts
rick@LAPTOP-D5547FDI:~/workspaces/ansible$ whoami
rick
Any ideas?
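A diagnostic for this question and for the docker-machine one at the top of the page, added here as an example (it is not from either thread). The source half of `-v SRC:DST` is opened by the Docker daemon, not by the client: with docker-machine the daemon runs inside a VM reached over `DOCKER_HOST=tcp://...`, so `SRC` must exist in that VM, and because `-v` creates a missing bind source instead of failing, a path that only exists on the laptop simply shows up empty. The script reports where the path is resolved, what the VM has there, and what the daemon recorded. It assumes `DOCKER_MACHINE_NAME` is set, which `eval "$(docker-machine env NAME)"` does.

```shell
#!/bin/sh
# Added example; not code from either thread above. Assumption:
# DOCKER_MACHINE_NAME is exported by `docker-machine env`.

# Prints where the daemon resolves bind-mount sources: "local" for a daemon
# on this machine, otherwise the host part of DOCKER_HOST.
mount_resolved_on() {
  case "${DOCKER_HOST:-}" in
    ""|unix://*) echo local ;;
    tcp://*)     h=${DOCKER_HOST#tcp://}; echo "${h%%:*}" ;;
    *)           echo "$DOCKER_HOST" ;;
  esac
}

# A -v source that is not an absolute path is taken as a *named volume*,
# which starts out empty; catch that before blaming the daemon.
is_absolute_path() {
  case "$1" in
    /*) return 0 ;;
    *)  return 1 ;;
  esac
}

# Show what the daemon recorded for the mount and how many entries the
# container actually sees at the mount point.
probe_bind_mount() {
  src=$1
  if ! is_absolute_path "$src"; then
    echo "'$src' is a volume name, not a host path; use an absolute path" >&2
    return 2
  fi
  where=$(mount_resolved_on)
  echo "bind source '$src' is resolved on: $where"
  if [ "$where" != local ] && [ -n "${DOCKER_MACHINE_NAME:-}" ]; then
    echo "--- what the VM has at that path (absent or empty = not shared into the VM):"
    docker-machine ssh "$DOCKER_MACHINE_NAME" "ls -la '$src'" 2>&1 | head -n 5
  fi
  # -v silently creates a missing source directory on the daemon host, so an
  # empty /probe is exactly what a path that exists only on the client gives
  cid=$(docker run -d -v "$src:/probe:ro" busybox sleep 60)
  echo "--- mount as recorded by the daemon:"
  docker inspect --format \
    '{{range .Mounts}}{{.Type}} {{.Source}} -> {{.Destination}} ({{.Mode}}){{"\n"}}{{end}}' "$cid"
  echo "--- entries visible inside the container:"
  docker exec "$cid" sh -c 'ls -A /probe | wc -l'
  docker rm -f "$cid" >/dev/null
}

# Usage: sh probe_mount.sh /home/andrea/projects/momestock
if [ $# -gt 0 ]; then
  probe_bind_mount "$1"
fi
```

`--mount type=bind,src=...,dst=...` is the stricter form: it fails with an error when the source does not exist on the daemon host instead of creating it, which turns this silent empty directory into a visible mistake.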

Docker run with "-v" create another shared directory

I have a strange problem running a Docker container.
It works OK if I run:
docker run -it -v /home/drleo/pythonCourses:/home/pythonCurses /redpmorg/python-courses
But if I run the container with the publish option, Docker creates a new folder in my /home/drleo directory with the SAME name: pythonCourses, owned by root but obviously empty:
docker run -it -p 127.0.0.1:8080:8080 -v /home/drleo/pythonCourses:/home/pythonCurses /redpmorg/python-courses
-rw-r--r-- 1 drleo drleo 675 May 6 2016 .profile
drwxr-xr-x 2 drleo drleo 4096 May 6 2016 Public
drwxr-xr-x 2 root root 4096 Feb 16 13:08 pyhtonCourses
drwxrwxr-x 2 drleo drleo 4096 Feb 16 13:08 pythonCourses
-rwxrwxr-x 1 drleo drleo 71 Jan 20 22:35 reset-network
The question is why? Thanks!
You seem to have a typo somewhere. python != pyhton.
Double check your command history.

Edit apache configuration in docker

First-time docker user here, I'm using this image: https://github.com/dgraziotin/osx-docker-lamp
I want to make the apache in that container use a configuration file from the host system. How do I do that?
I know I can use nsenter, but I think my changes will get deleted when the container is turned off.
Thank you
The best solution is using VOLUME.
docker pull dgraziotin/lamp
You need to copy /etc/apache2/ from the container to the current directory on the host computer. Then you can do this:
cd ~
mkdir conf
docker run -i -t --rm -v ~/conf:/tmp/conf dgraziotin/lamp:latest /bin/bash
On container do:
ls /tmp/conf
cd /etc/apache2/
tar -cf /tmp/conf/apache-conf.tar *
exit
On host computer:
cd conf
tar -xf apache-conf.tar
cd ..
# alter your configuration in this file and save
vi conf/apache2.conf
# run your container : daemon mode
docker run -d -p 9180:80 --name web-01 -v ~/conf:/etc/apache2 dgraziotin/lamp:latest
docker ps
To list the conf content in the container, use:
docker exec web-01 ls -lAt /etc/apache2/
total 72
-rw-r--r-- 1 root root 1779 Jul 17 20:24 envvars
drwxr-xr-x 2 root root 4096 Apr 10 11:46 mods-enabled
drwxr-xr-x 2 root root 4096 Apr 10 11:45 sites-available
-rw-r--r-- 1 root root 7136 Apr 10 11:45 apache2.conf
drwxr-xr-x 2 root root 4096 Apr 10 11:45 mods-available
drwxr-xr-x 2 root root 4096 Apr 10 11:44 conf-enabled
drwxr-xr-x 2 root root 4096 Apr 10 11:44 sites-enabled
drwxr-xr-x 2 root root 4096 Apr 10 11:44 conf-available
-rw-r--r-- 1 root root 320 Jan 7 2014 ports.conf
-rw-r--r-- 1 root root 31063 Jan 3 2014 magic
Use docker exec web-01 cat /etc/apache2/apache2.conf to list the content inside the container.
Open the web page to test your environment.
I hope this helps you.
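The same procedure as the answer above, written out as an added example (not the answer's own commands) with two changes: `docker create` plus `docker cp` replaces the tar-through-a-volume step, and the host directory is checked before it is mounted over /etc/apache2. That check matters because a bind mount hides everything the image had at that path: if the host copy lacks envvars, ports.conf or the mods-enabled/ symlinks, Apache fails to start. The image name dgraziotin/lamp, the host directory ~/conf and port 9180 are taken from the answer; the required-entries list reflects the Debian layout shown in its listing.

```shell
#!/bin/sh
# Added example, not the answer's own commands. Assumptions: image
# dgraziotin/lamp, host directory ~/conf, Debian-style /etc/apache2 layout.

# Entries /etc/apache2 needs for apache2ctl to start at all (Debian layout,
# which the listing in the answer shows).
REQUIRED_ENTRIES="apache2.conf envvars ports.conf mods-enabled sites-enabled conf-enabled"

# Return 0 if DIR holds every required entry; otherwise report what is missing.
check_apache_conf_dir() {
  dir=$1; missing=""
  for e in $REQUIRED_ENTRIES; do
    [ -e "$dir/$e" ] || missing="$missing $e"
  done
  if [ -n "$missing" ]; then
    echo "$dir is missing:$missing" >&2
    return 1
  fi
  return 0
}

# Copy /etc/apache2 out of the image without running it.
extract_apache_conf() {
  image=$1; dest=$2
  cid=$(docker create "$image")
  # trailing "/." copies the directory contents, not the directory itself
  docker cp "$cid:/etc/apache2/." "$dest"
  docker rm "$cid" >/dev/null
}

# Syntax-check the edited config in a throwaway container before starting
# the real one, then run with the directory mounted read-only (drop :ro if
# the image's start script rewrites its own config at boot).
start_web() {
  image=$1; conf=$2
  check_apache_conf_dir "$conf" || return 1
  docker run --rm -v "$conf:/etc/apache2:ro" "$image" apache2ctl -t || return 1
  docker run -d -p 9180:80 --name web-01 -v "$conf:/etc/apache2:ro" "$image"
}

# Usage: sh apache-conf.sh extract   (then edit ~/conf/apache2.conf)
#        sh apache-conf.sh start
case "${1:-}" in
  extract) mkdir -p "$HOME/conf"; extract_apache_conf dgraziotin/lamp "$HOME/conf" ;;
  start)   start_web dgraziotin/lamp "$HOME/conf" ;;
esac
```

If only one file needs to change, mounting just that file (`-v ~/conf/apache2.conf:/etc/apache2/apache2.conf:ro`) keeps the rest of the image's configuration intact and makes the completeness check unnecessary.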
You should use a Dockerfile to generate a new image containing your desired configuration. For example:
FROM dgraziotin/lamp
COPY my-config-file /some/configuration/file
This assumes that there is a file my-config-file located in the same directory as the Dockerfile. Then run:
docker build -t myimage .
And once the build completes you will have an image named myimage available locally.
