0

My dockerfile contents:

FROM node:16.0.0-alpine3.13
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app

WORKDIR /app
COPY . .
RUN npm install

When I try to build the container I get this permission error:

npm ERR! code EACCES
npm ERR! syscall open
npm ERR! path /app/package-lock.json
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, open '/app/package-lock.json'
npm ERR!  [Error: EACCES: permission denied, open '/app/package-lock.json'] {
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'open',
npm ERR!   path: '/app/package-lock.json'
npm ERR! }
npm ERR! 
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR! 
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/app/.npm/_logs/2021-05-08T12_59_30_045Z-debug.log

I don't understand, why I am getting this error as the parent directory is owned by the app user, and it also have permissions to read package.lock and package.json files.

If I remove the RUN npm install from Dockerfile and build the container, this is the output of ls -l


-rw-r--r--    1 root     root        660074 May  5 12:33 package-lock.json
-rw-r--r--    1 root     root           813 Mar  5 19:00 package.json

The other user have read permission. And that seems to be the permission npm install needs. Why am I getting permission error here?

Yash Rathi
  • 551
  • 7
  • 9
  • "*and it also have permissions to read package.lock and package.json files. Why am I getting permission error here?*" - That is the problem. User `app` most probably does not have permission to read the file. Please check the llnk in my comment to control the ownership through the `COPY` instruction. – Turing85 May 08 '21 at 13:15
  • I'd suggest building the application as root, and moving the `USER` directive to the end of the file (after all of the `RUN` commands). If there's a bug, that will protect you from accidentally overwriting your application code or static assets. – David Maze May 08 '21 at 13:56
  • @Turing85 please check the updated question. [This](https://stackoverflow.com/questions/28879364/docker-copy-and-change-owner) thread doesn't solve my problem – Yash Rathi May 08 '21 at 14:01
  • @DavidMaze It works if I move `USER` to the end of file, but then my `node_modules` folder is owned by the `app` user. Is this not a security problem that regular(not root user) could edit, the `node_modules` directory. Also, I am not sure why it don't work, with my approach and confused regarding that. Also [this](https://stackoverflow.com/questions/28879364/docker-copy-and-change-owner) thread don't seem to be related to my problem. – Yash Rathi May 08 '21 at 14:04
  • @YashRathi If it works as root, then it **is** a permission issue. I would assume that npm tries to open the file with write permission. Please change the owner when copying the files to the container. – Turing85 May 08 '21 at 14:07
  • @Turing85 Sorry I am very new to this, I changed permission of `package.json` and `package-lock.json` on my host machine running fedora, by this command `chmod 444 package.json package-lock.json`, then I ran `npm install` and it ran fine. So it seems, `npm install` command don't need write access. I am new to this, could you please direct me to good example on making this work with Docker. – Yash Rathi May 08 '21 at 14:57
  • The [1st answer of the duplicate](https://stackoverflow.com/a/46540591/4216641) has an example. For more in-depth information, there is always the [official `dockerfile` documentation](https://docs.docker.com/engine/reference/builder/). – Turing85 May 08 '21 at 14:59

0 Answers0