1

I'm having some trouble setting up a Nuxt and Rails container using Docker. The two containers are separate, but interact with each other.

Currently, I'm having trouble running the dev servers for both the Nuxt and the Rails containers due to insufficient permissions. Looking at the logs for both of the containers, it seems that Docker can't do actions such as mkdir.

EACCESS: Permission Denied: 'mkdir: /usr/src/app/.nuxt' # nuxt 
EACCESS: Permission Denied: 'mkdir: /usr/src/app/tmp' # rails

My docker-compose.dev.yml file

version: 3
services:
  backend:
    privileged: true
    image: tablevibes-backend
    build:
      dockerfile: Dockerfile-dev
      context: tablevibes-backend
      args:
        UID: ${UID:-1001}
        BUNDLER_VERSION: 2.0.2
        PG_MAJOR: 10
        mode: development
    tty: true
    stdin_open: true
    volumes:
      - ./tablevibes-backend:/usr/src/app:Z
      - gem_data_api:/usr/local/bundle:cached
    ports:
      - "3000:3000"
    depends_on:
      - db
    user: rails
  client-ui:
    image: client-ui
    command: yarn run dev
    build:
      context: client-ui
      dockerfile: Dockerfile-dev
      args:
        UID: ${UID:-1001}
        PORT: 5000
        MODE: DEV
    restart: always
    volumes:
      - ./client-ui:/usr/src/app
      - client_ui_node_modules:/usr/src/app/node_modules:cached
    ports:
      - 5000:5000
    user: client-ui

The 2 Dockerfiles

The Rails Dockerfile-dev

FROM ruby:2.6.3

ARG PG_MAJOR
ARG BUNDLER_VERSION
ARG UID
ARG MODE
RUN adduser rails --uid $UID --disabled-password --gecos ""

# Add POSTGRESQL to the source list using the right version
RUN curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' $PG_MAJOR > /etc/apt/sources.list.d/pgdg.list

ENV RAILS_ENV $MODE

RUN apt-get update -qq && apt-get install -y postgresql-client-$PG_MAJOR vim
RUN apt-get -y install sudo

WORKDIR /usr/src/app
CMD chown -R rails /usr/src/app
COPY Gemfile /usr/src/app/Gemfile
COPY Gemfile.lock /usr/src/app/Gemfile.lock
ENV BUNDLER_VERSION $BUNDLER_VERSION
RUN gem install bundler:$BUNDLER_VERSION

RUN bundle install

COPY . /usr/src/app

# Add a script to be executed every time the container starts.

COPY entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
EXPOSE 3000

# Start the main process.
CMD ["rails", "server", "-b", "0.0.0.0"]

The Nuxt Dockerfile-dev

FROM node:10

ARG UID
ARG MODE=DEV
ARG PORT

RUN adduser client-ui --uid $UID --disabled-password --gecos ""

RUN apt-get update
RUN apt-get -y install sudo

RUN mkdir /usr/src/app
RUN chown -R client-ui /usr/src/app

COPY package.json yarn.lock /usr/src/app

RUN yarn install

COPY . /usr/src/app

ENV API_URL=http://localhost:3000/v1
ENV REVIEW_URL=http://localhost:8000

# expose 5000 on container
EXPOSE $PORT

# set app serving to permissive / assigned
ENV NUXT_HOST=0.0.0.0

# set app port
ENV NUXT_PORT=$PORT

My problem is that those lines where I do RUN chown ... never seem to take place. If I manually go into the containers with docker exec -u root -it backend bash and run chown -R rails . manually, everything works as expected. Likewise I tried running chmod 777 as a test, however that also had no effect on the permission denied error I keep getting.

What might be causing Docker to ignore my chown command?

This Stack Overflow question seems relevant, however it doesn't quite apply because I don't have any VOLUME mounts inside my Dockerfiles. A user in the comments of the accepted answer has my same issue, though unfortunately no solution.

Sensanaty
  • 894
  • 1
  • 12
  • 35
  • 2
    You mount volume in compose file, effectively replacing directory inside the container. As you may guess, the mounted directory has it's own owner. – anemyte Oct 02 '20 at 18:28

3 Answers3

0

Containers are like ogres, or onions, they have layers.

When using VOLUMEs or MOUNTs, the directory (or file) is not actually IN the container, but only appears to be in it.

Your Dockerfile uses a layer for /usr/src/app, which as you probably already know is your ./tablevibes-backend directory on your host computer.

services:
  backend:
    volumes:
      - ./tablevibes-backend:/usr/src/app:Z

When you use a volume or mount in this way, the only thing Docker can do is simple CRUD (create, read, update, delete) options, it can not (and should not) modify the metadata as it is modifying your host drive, which could be a security issue.

jnovack
  • 7,629
  • 2
  • 26
  • 40
0

If you see the problem without using volumes, and are running docker build under Ubuntu 20, with docker.io 20.10.25-0ubuntu1~20.04.1, update the docker.io package to 20.10.25-0ubuntu1~22.04.2 and it will work.

It also happens in Ubuntu 22, and is caused by a bug.

Details of the bug: https://bugs.launchpad.net/ubuntu/+source/docker.io-app/+bug/2029523/

manio
  • 71
  • 1
  • 3
-2

try this:

sudo chown -R $USER:$USER .
thiagoBarbosa48
  • 164
  • 4