9

I'm trying to set up a development environment using docker-compose, and my container does not seem to have permissions to the host directory that is mounted into the container. I'm getting this error when running a grunt task that tries to modify folders inside the volume:

app_1                   | Warning: Unable to delete ".tmp" file (EACCES, permission denied '.tmp'). Use --force to continue.

Here's my Dockerfile:

FROM node:0.10

RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

RUN apt-get update \
    && apt-get install -y --no-install-recommends ruby-sass \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean -y \
    && apt-get autoremove -y

RUN npm install -g grunt-cli bower

RUN groupadd -r node \
&&  useradd -r -m -g node node

RUN chown -R node:node /usr/src/app

USER node

EXPOSE 8080

And my docker-compose file:

app:
  build: .
  dockerfile: Dockerfile.dev
  ports:
   - "9000:9000"
  env_file:
   - ./server/config/env/development.env
  volumes:
   - ./:/usr/src/app:Z
  command: bash -c "npm install && bower install && grunt dev && npm start"

db:
  ports:
   - "27017:27017"

  • I'm running Ubuntu 15.10 with docker-compose version 1.5.2, build 7240ff3
  • Note that I am using the :Z permission
Avi Farada
  • Well, you set the permissions, but then you mount a volume over the top, which will have different permissions. – Adrian Mouat Dec 30 '15 at 22:46
  • But it looks like the permissions are to do with node vs root anyway - does it work if you remove the USER node line? – Adrian Mouat Dec 30 '15 at 22:48
  • @AdrianMouat - I tried removing the mkdir line, I agree it's redundant but it's not what's breaking my permissions as far as I can see, got the same error gist to edited Dockerfile: https://gist.github.com/avif/a7a99b14a6abca6157e6 I tried removing the node user related lines and it did work (!), although now the app is using the root user which is different from my production setup - which was the whole point of using docker in the first place... gist to edited Dockerfile: https://gist.github.com/avif/c26d7a389aad11e8e69d but thanks, at least now the problem is isolated to the node user – Avi Farada Dec 31 '15 at 00:05
  • I never said anything about the mkdir line. I'll add an answer, you can let me know if it helps. – Adrian Mouat Dec 31 '15 at 08:15

1 Answer

4

It's just a file permissions thing.

The first thing to realise is that the volume you are mounting has different permissions to the folder you create and chown in the Dockerfile. The node user presumably doesn't have permissions to access this folder. You can fix this by running something like:

$ docker run -u root -v $(pwd):/usr/src/app:Z my_app_image chown -R node:node /usr/src/app

This will change the permissions of the folder on the host.

Alternatively, if you need to be root to run the npm install && bower install, you could leave the root user as the default user then change to the node user to run the application. Something like:

npm install && bower install && gosu node npm start

Here I've used the gosu tool, which you will need to install in the image. It's a little nicer than sudo, as it doesn't start a second process.

Adrian Mouat
  • As I see it, the first command runs the docker image with root user and mounts the /user/src/app folder with permissions to that user, you then proceed to using the chown command to give the node user permissions to the folder as well. This didn't work for me, still no permissions to the node user, here's a gist to my attempt at this with docker-compose: https://gist.github.com/avif/8cf231ebda31cba379f9 I left the root user in the Dockerfile – Avi Farada Dec 31 '15 at 12:19
  • Nope, selinux on disabled had no effect – Avi Farada Jan 06 '16 at 14:24
  • But it does work if you run as the root user? Perhaps it's another directory e.g /tmp that the node user needs rights to. Also check if you can write to /usr/src/app at all as Node (e.g. just run touch /usr/src/app/test in a container) – Adrian Mouat Jan 06 '16 at 21:02
  • Tried checking write permissions using the root user in the container with touch, and I get "permission denied" although the grunt job is able to change files – Avi Farada Jan 16 '16 at 16:37
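
The ownership mismatch described in the answer can be checked from the host before the container starts. The script below is an added example, not code from the question or the answer: it applies the owner/group/other rules to a directory for a given numeric UID and GID. The function name `can_write`, the use of GNU `stat`, and UID/GID 999 for the image's `node` system user are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat`.
# Bind mounts keep the host's numeric owner and mode, so a container user
# is matched by UID/GID number, never by name. This checks plain Unix
# permission bits only: SELinux labels (:Z), ACLs and supplementary groups
# are not evaluated.

# can_write UID GID DIR
# Returns 0 if UID/GID may create or delete entries in DIR (needs w and x),
# 1 if not, 2 if DIR cannot be inspected.
can_write() {
    uid=$1 gid=$2 dir=$3
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1 group=$2 perm=$((0$3))    # leading 0 makes the mode octal

    # UID 0 normally holds CAP_DAC_OVERRIDE and skips these checks.
    if [ "$uid" -eq 0 ]; then return 0; fi

    # Exactly one permission class applies: owner, then group, then other.
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (perm >> 3) & 7 ))
    else
        bits=$(( perm & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]          # 2 = write, 1 = search (execute)
}

# Demo on a constructed directory standing in for the mounted project folder.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
host_uid=$(id -u)
host_gid=$(id -g)
if can_write "$host_uid" "$host_gid" "$demo_dir"; then
    echo "host user (uid $host_uid): can modify $demo_dir"
fi
# 999 is an assumed UID/GID for the image's `node` system user.
if can_write 999 999 "$demo_dir"; then
    echo "uid 999: can modify $demo_dir"
else
    echo "uid 999: would get EACCES in $demo_dir"
fi
rmdir "$demo_dir"
```

To use it on the real project, compare the output of `id -u node` inside the image with the owner shown by `stat -c '%u' .` on the host and pass both to `can_write`.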