Figuring out Docker host volume permissions - linux

I am trying to run a gocd server docker image and facing file permissions issues. Can't seem to figure out what I am missing.
Found out what uid/gid is being used in the container:
]$ sudo docker container run gocd/gocd-server:v21.1.0 id
$ exec /usr/local/sbin/tini -g -- id
uid=1000(go) gid=0(root) groups=0(root)
[centos@ip-10-0-0-168 ~]$
Created a folder on the local host and set ownership:
$ sudo mkdir -p /gocd/data
[centos@ip-10-0-0-168 ~]$ sudo chown -R 1000:0 /gocd/
[centos@ip-10-0-0-168 ~]$
[centos@ip-10-0-0-168 ~]$ ls -l /
total 16
lrwxrwxrwx. 1 root root 7 Feb 29 2020 bin -> usr/bin
:
drwxr-xr-x. 3 centos root 18 Feb 8 15:55 gocd
:
Docker run:
$ sudo docker run -v /gocd/data/:/godata -p 8153:8153 gocd/gocd-server:v21.1.0
/docker-entrypoint.sh: Creating directories and symlinks to hold GoCD configuration, data, and logs
$ mkdir -v -p /godata/artifacts
mkdir: can't create directory '/godata/artifacts': Permission denied
/docker-entrypoint.sh: cannot mkdir -v -p /godata/artifacts
[centos@ip-10-0-0-168 ~]$

Ok, so instead of chown -R 1000:00 /gocd, I switched to chown -R 1000:root and with that I was able to get the container to start.
Though in both cases the output of ls -l shows the same user and group:
drwxr-xr-x. 3 centos root 18 Feb 9 01:36 gocd
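
The ownership check behind the steps above, as an added example that is not part of the original post: given the UID and GIDs that `id` prints inside the container, it decides from the host directory's owner, group and mode bits whether that process could create entries there. The helper name `can_create` and the scratch directory are constructed for illustration; POSIX ACLs, SELinux labels and user-namespace remapping are not evaluated.

```shell
#!/bin/sh
# can_create DIR UID GID [GID...]   (hypothetical helper, added example)
# Exit 0 if a process with that UID and those GIDs may create entries in DIR
# judging by owner, group and mode bits only; 1 if not; 2 if stat fails.
can_create() {
    dir=$1 uid=$2
    shift 2
    gids=" $* "
    info=$(stat -c '%u %g %a' "$dir") || return 2   # GNU stat: uid gid octal-mode
    set -- $info
    owner=$1 group=$2 mode=$3
    # UID 0 normally bypasses mode bits (CAP_DAC_OVERRIDE).
    [ "$uid" -eq 0 ] && return 0
    # Exactly one permission class applies: owner first, then group, then other.
    if [ "$uid" -eq "$owner" ]; then
        digit=$(( mode / 100 % 10 ))
    else
        case $gids in
            *" $group "*) digit=$(( mode / 10 % 10 )) ;;
            *)            digit=$(( mode % 10 )) ;;
        esac
    fi
    # Creating an entry needs write (2) and search (1) on the directory.
    [ $(( digit & 3 )) -eq 3 ]
}

# Constructed demo: a scratch directory stands in for the bind-mount source.
demo=$(mktemp -d)
owner_uid=$(stat -c %u "$demo")
owner_gid=$(stat -c %g "$demo")
stranger=$(( owner_uid + 1 ))          # a UID that does not own the directory
for m in 755 775 700; do
    chmod "$m" "$demo"
    if can_create "$demo" "$stranger" "$owner_gid"; then
        verdict=allowed
    else
        verdict=denied
    fi
    echo "mode $m, uid $stranger with gid $owner_gid: $verdict"
done
rm -rf "$demo"
```

Against the real bind-mount source the call is `can_create /gocd/data 1000 0`. A "Permission denied" that persists while this returns 0 comes from a layer the function does not evaluate.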

Related

permission denied in docker entrypoint

I am trying to run an entrypoint script via a docker-compose file, and I'm getting a permission denied error while trying to edit a configuration file. I have tried with the root user as well, with no luck.
Dockerfile
FROM centos:7 AS ingestbase
RUN mkdir -p ${USER_HOME}/certs ${USER_HOME}/logs
COPY config/* ${USER_HOME}/
RUN useradd -m -d ${USER_HOME} user
RUN chown -R user ${USER_HOME}/
USER user
WORKDIR ${USER_HOME}
ENTRYPOINT ["/entrypoint.sh"]
Entrypoint.sh is as below:
set -x
TRY_LOOP="3"
who
pwd
ls -ltr
sed -i "s#{DB_PASS}#$DB_PASS#g" ${USER_HOME}/config.py
Following are the logs while running entrypoint.sh
+ TRY_LOOP=3
+ who
/usr/local/userhome
+ pwd
+ ls -ltr
total 10
drwxr-xr-x 9 user root 4096 Sep 20 02:51 logs
drwxr-xr-x 1 user root 6 Sep 25 05:59 certs
-rw-r--r-- 1 user root 41558 Sep 25 05:59 config.py
sed: couldn't open temporary file /usr/local/userhome/sedjzy3se: Permission denied
You most likely don't have executable permission on the entrypoint.
Have you tried doing:
RUN chmod +x /entrypoint.sh
ENTRYPOINT [ "/bin/sh", "/entrypoint.sh" ]

Clearlinux docker container fails on CentOS7

I'm trying to run clearlinux docker container on CentOS7. It launches successfully but basic fs operations fail:
$ docker run -it clearlinux:latest /bin/bash -c "ls -ld /"
ls: cannot access '/': Operation not permitted
However on CentOS8 and Ubuntu there is no such issue. It works fine:
$ docker run -it clearlinux:latest /bin/bash -c "ls -ld /"
drwxr-xr-x 1 root root 4096 Apr 14 14:18 /
I'm installing docker this way: https://docs.docker.com/engine/install/centos/
I've tried three different kernels: 5.6.4, 4.4.219, 3.10.0
Also I've tried both ext4 and xfs as Backing filesystem for overlay2.
Probably there is an issue with el7 kernel or el7 docker-ce package. Any help would be much appreciated.

Docker command for Katalon in Linux container in Azure

As can be seen from the title, I am trying to run Katalon Studio in a Docker Linux container in Azure.
Perhaps I’m trying a tad too much regarding integration.
I integrated Docker into Azure and copied my whole Katalon project into the container through git clone from a git repository. It seems to be working, since I can run docker commands in the container and see the files in the container using ls.
However, when I try to run a test suite which is located in the container, I keep getting an error.
The command I run is
docker run -t --rm -v /home/docker/katalontest:/katalon/katalon/source katalonstudio/katalon katalon-execute.sh -browserType="Chrome" -retry=0 -statusDelay=15 -testSuitePath="Test Suites/Test"
The error I get is as follows:
echo 'Starting Katalon Studio'
Starting Katalon Studio
cat /katalon/version
Google Chrome 72.0.3626.109
Mozilla Firefox 65.0
Katalon Studio 5.10.1
pwd
current_dir=/
workspace_dir=/tmp/katalon_execute/workspace
mkdir -p /tmp/katalon_execute/workspace
chmod -R 777 /tmp/katalon_execute/workspace
source_dir=/katalon/katalon/source
'[' -d /katalon/katalon/source ']'
project_dir=/tmp/katalon_execute/project
mkdir -p /tmp/katalon_execute/project
cp -r /katalon/katalon/source/Reports /katalon/katalon/source/report /tmp/katalon_execute/project
touch /tmp/katalon_execute/project/.classpath
chmod -R 777 /tmp/katalon_execute/project
rm -rf /tmp/katalon_execute/project/bin
rm -rf /tmp/katalon_execute/project/Libs
ls -la /tmp/katalon_execute/project
total 16
drwxrwxrwx 4 root root 4096 Feb 19 07:33 .
drwxr-xr-x 4 root root 4096 Feb 19 07:33 ..
-rwxrwxrwx 1 root root 0 Feb 19 07:33 .classpath
drwxrwxrwx 2 root root 4096 Feb 19 07:33 Reports
drwxrwxrwx 2 root root 4096 Feb 19 07:33 report
report_dir=/katalon/katalon/report
'[' -d /katalon/katalon/report ']'
mkdir -p /katalon/katalon/report
args=("$KATALON_KATALON_INSTALL_DIR/katalon" "$@")
args+=("-runMode=console")
args+=("-reportFolder=$report_dir")
args+=("-projectPath=$project_dir")
cd /tmp/katalon_execute/workspace
xvfb-run -s '-screen 0 1024x768x24' /opt/katalonstudio/katalon -testSuitePath=Test Suites/Test -g_Pass=smartlink2test -runMode=console -reportFolder=/katalon/katalon/report -projectPath=/tmp/katalon_execute/project
Opening project file: /tmp/katalon_execute/project
Invalid argument: Cannot find project'/tmp/katalon_execute/project'.
Request sent successfully.
ret_code=4
id -u
id -g
chown -R 0:0 /katalon/katalon/report
chmod -R 777 /katalon/katalon/report
ls /katalon/katalon/report
cd /
exit 4
It seems the project can’t be found. I can’t figure out why. Any help would be greatly appreciated.
You are right: you are able to execute commands inside the container because you clone/mount (-v /home/docker/katalontest:/katalon/katalon/source katalonstudio/katalon) the Katalon executables.
However, your issue is that when cloning the repo, your project is still inside the repository (https://github.com/katalon-studio/docker-images/tree/master/test/project), which in your case is here (/katalon/katalon/source katalonstudio/katalon); however, you are forcing Katalon to use another location, which is: -projectPath=/tmp/katalon_execute/project
Either you pass the right -projectPath or you clone/mount the repository there.
Also, I would suggest you pay a bit more attention to the documentation.

Handle permissions with groups in linux

I can't understand how exactly this works in Linux.
For example, I want only users in some group to have access to execute some file (I hope this is possible without visudo).
I create a system user and system group like:
useradd -K UID_MIN=100 -K UID_MAX=499 -K GID_MIN=100 -K GID_MAX=499 -p \* -s /sbin/nologin -c "testusr daemon,,," -d "/var/testusr" testusr
I add my current user user to the group testusr (may not be cross-platform):
adduser user testusr
I create some test shell file and set permissions:
touch test.sh
chmod ug+x test.sh
sudo chown testusr:testusr test.sh
But I still can't start test.sh as user:
./test.sh
-> Error
Now I look for some system groups like cdrom to check how they work. My user is in cdrom group and can use the cd rom on my computer:
$ ls -al /dev/cdrom
lrwxrwxrwx 1 root root 3 апр. 17 12:55 /dev/cdrom -> sr0
$ ls -al /dev/sr0
brw-rw----+ 1 root cdrom 11, 0 апр. 17 12:55 /dev/sr0
Addition:
./test.sh command starts to work as I want after system reboot. Strange...
I'm on Ubuntu Studio 15.10
The group changes are reflected only upon re-login.

Permission denied writing in directories with g+w mode on ubuntu

On ubuntu 10.04.4 server, I did this:
sudo mkdir -p /data/somedir
sudo chown -R www-data.www-data /data/somedir
sudo chmod -R g+w /data/somedir
sudo usermod -a -G www-data john ##john is current login user.
With these operations done, I am supposed to have write permission in /data/somedir. But when I did this:
echo "123" > /data/somedir/123
I got:
-bash: /data/somedir/123: Permission denied
The ls -l output:
$ ls -l /data/
total 4
drwxrwxr-x 2 www-data www-data 4096 2012-04-24 22:30 somedir
Question is: why? Is there something I still need to do after that?
Changes made with usermod only take effect on following logins; your existing login session does not yet have the www-data group, as you can verify with id. It is not easy to alter the identity of running processes (newgrp might work); the easiest way to deal is to log out and back in.
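
The check this answer describes, comparing what `id` reports for the running session with what the group database now lists, as an added example that is not part of the original answers; it applies equally to the re-login point in the previous question. The function names and the sample GID lists are constructed for illustration.

```shell
#!/bin/sh
# missing_gids SESSION_GIDS DATABASE_GIDS   (hypothetical helper, added example)
# Prints each GID listed in DATABASE_GIDS that is absent from SESSION_GIDS.
# Both arguments are space-separated numeric lists, the format of `id -G`.
missing_gids() {
    for gid in $2; do
        case " $1 " in
            *" $gid "*) ;;                    # already held by the session
            *) printf '%s\n' "$gid" ;;        # granted, but not yet in effect
        esac
    done
}

# stale_gids: the same comparison for the shell running this script.
#   id -G        credentials the running process actually holds
#   id -G NAME   groups the account database lists for NAME right now
stale_gids() {
    name=$(id -un 2>/dev/null) || return 0   # UID without an account entry
    missing_gids "$(id -G)" "$(id -G "$name")"
}

# Constructed sample: john's shell was started before
# `usermod -a -G www-data john` (33 is the conventional www-data GID on
# Debian and Ubuntu).
echo "sample, not yet in effect: $(missing_gids '1000 4 27' '1000 4 27 33')"

stale=$(stale_gids)
if [ -n "$stale" ]; then
    echo "GIDs granted but not held by this shell:" $stale
    echo "start a new login session (or try newgrp) before retrying"
else
    echo "this shell holds every group the database lists for the account"
fi
```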
