Docker: Permission denied to local MySQL volume - linux

I'm new with Docker and I don't know Linux well. I'm trying to build my own environment for local development with Docker. I’m using docker-compose utility. I want to store MySQL data in the local volume. When I run docker-compose build and docker-compose up -d commands for the first time, there are no errors. Data from MySQL container goes into the local folder. Everything works well except one: when I want to change my docker-compose.yml file and rebuild containers I get an error
vo#vo-ThinkPad-Edge-E330:~/www/test$ docker-compose build
mysql uses an image, skipping
nginx uses an image, skipping
Building app
Traceback (most recent call last):
File "bin/docker-compose", line 3, in <module>
File "compose/cli/main.py", line 67, in main
File "compose/cli/main.py", line 126, in perform_command
File "compose/cli/main.py", line 302, in build
File "compose/project.py", line 468, in build
File "compose/project.py", line 450, in build_service
File "compose/service.py", line 1125, in build
File "docker/api/build.py", line 160, in build
File "docker/utils/build.py", line 30, in tar
File "docker/utils/build.py", line 49, in exclude_paths
File "docker/utils/build.py", line 214, in rec_walk
File "docker/utils/build.py", line 214, in rec_walk
File "docker/utils/build.py", line 214, in rec_walk
[Previous line repeated 1 more time]
File "docker/utils/build.py", line 184, in rec_walk
PermissionError: [Errno 13] Permission denied: '/home/vo/www/test/docker/mysql/dbdata/performance_schema'
[301838] Failed to execute script docker-compose
I found out that the owner of the folder is systemd-coredump from root group. So I have 2 ways:
sudo docker-compose build
Delete /home/vo/www/test/docker/mysql/dbdata folder with sudo permissions and run docker-compose build again.
So, my question: Is this how it should be or is it possible to solve the permissions problem?
My project structure:
/
├── docker
│   ├── mysql
│   │   ├── conf
│   │   │   └── my.cnf
│   │   └── dbdata
│   ├── nginx
│   │   └── conf
│   │   └── nginx.conf
│   └── php
│   ├── conf
│   │   └── local.ini
│   ├── config
│   │   └── local.ini
│   └── Dockerfile
├── docker-compose.yml
└── src
My docker-compose.yml:
version: "3.7"
services:
#PHP Service
app:
build:
args:
user: laravel
uid: 1000
context: ./
dockerfile: ./docker/php/Dockerfile
image: laravel-image
container_name: laravel
restart: unless-stopped
tty: true
environment:
SERVICE_NAME: app
SERVICE_TAGS: dev
working_dir: /var/www/
volumes:
- ./src:/var/www
- ./docker/php/config/local.ini:/usr/local/etc/php/conf.d/local.ini
networks:
- laravel
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: unless-stopped
tty: true
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: laravel
MYSQL_ROOT_PASSWORD: secret
MYSQL_PASSWORD: secret
MYSQL_USER: laravel
SERVICE_TAGS: dev
SERVICE_NAME: mysql
volumes:
- ./docker/mysql/dbdata:/var/lib/mysql
- ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf
networks:
- laravel
#Nginx Service
nginx:
image: nginx:1.17-alpine
container_name: nginx
restart: unless-stopped
tty: true
ports:
- "80:80"
- "443:443"
environment:
SERVICE_NAME: nginx
SERVICE_TAGS: dev
volumes:
- ./src:/var/www
- ./docker/nginx/conf:/etc/nginx/conf.d
networks:
- laravel
#Networks
networks:
laravel:
driver: bridge

Ok, I found a trick. In my docker-compose.yml in service volume section I have to use named volumes instead of path. For example, 'mysqldbvolume' instead of './docker/mysql/dbdata'. Then I have to define a named volume in the top-level volumes key:
services:
#MySQL Service
mysql:
image: mysql:5.7
...
volumes:
- mysqldbvolume:/var/lib/mysql
- ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf
...
...
# Volumes
volumes:
mysqldbvolume:
driver: local
So, where is my volume now? If I want to see list of my volumes, I have to run docker volume ls:
DRIVER VOLUME NAME
local test_mysqldbvolume
local test_postgresdbvolume
Inspect volume - docker volume inspect test_mysqldbvolume:
[
{
"CreatedAt": "2020-12-17T21:54:53+02:00",
"Driver": "local",
"Labels": {
"com.docker.compose.project": "test",
"com.docker.compose.version": "1.27.4",
"com.docker.compose.volume": "mysqldbvolume"
},
"Mountpoint": "/var/lib/docker/volumes/test_mysqldbvolume/_data",
"Name": "test_mysqldbvolume",
"Options": null,
"Scope": "local"
}
]
So, path is "Mountpoint": "/var/lib/docker/volumes/test_mysqldbvolume/_data"
Run with regular user ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data says access is denied. But if I run sudo ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data I see my volume data:
drwxrwxrwt 6 systemd-coredump systemd-coredump 4096 дек 17 21:54 .
drwxr-xr-x 3 root root 4096 дек 17 21:42 ..
-rw-r----- 1 systemd-coredump systemd-coredump 56 дек 17 21:42 auto.cnf
-rw------- 1 systemd-coredump systemd-coredump 1676 дек 17 21:42 ca-key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 ca.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 client-cert.pem
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 client-key.pem
-rw-r----- 1 systemd-coredump systemd-coredump 2 дек 17 21:54 ed50eca9e01e.pid
-rw-r----- 1 systemd-coredump systemd-coredump 6093953 дек 17 21:54 general.log
-rw-r----- 1 systemd-coredump systemd-coredump 445 дек 17 21:49 ib_buffer_pool
-rw-r----- 1 systemd-coredump systemd-coredump 79691776 дек 17 21:54 ibdata1
-rw-r----- 1 systemd-coredump systemd-coredump 50331648 дек 17 21:54 ib_logfile0
-rw-r----- 1 systemd-coredump systemd-coredump 50331648 дек 17 21:42 ib_logfile1
-rw-r----- 1 systemd-coredump systemd-coredump 12582912 дек 17 21:54 ibtmp1
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:47 laravel
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:42 mysql
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:42 performance_schema
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 private_key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 452 дек 17 21:42 public_key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 server-cert.pem
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 server-key.pem
drwxr-x--- 2 systemd-coredump systemd-coredump 12288 дек 17 21:42 sys
Most importantly, the permission error is gone.

I had this issue too but for a different reason than the majority of answers here.
I have a dual boot setup with a 2nd disk accessible to both Linux and Windows.
I had my docker images and code on the 2nd disk, an NTFS-3G drive. I tried all workarounds with chmod and chown but it just would not work.
When the penny dropped NTFS-3G was causing the issue, I moved Docker back to the default configuration with everything on the system disk including the code of my project.
Images & containers were once again in the default location /var/lib/docker and my code I moved to ~/code/project.
Once I did this, all permission issues went away.

Related

Getting file permission error in docker container ERROR in [eslint] EACCES: permission denied, open '/app/node_modules/.cache/.eslintcache'

I am trying to create a react app wihout installing anything in my machine and for that I have used this Dockerfile
FROM node:18.12
# Create app directory
WORKDIR /app
# Install app dependencies
COPY package.json package-lock.json ./
RUN npm install
# Bundle app source
COPY . .
EXPOSE 3000
CMD ["sudo", "npm", "start"]
and following is my docker-compose.yml
version: '3'
services:
ui:
build: ./ui
container_name: UI
ports:
- "3000:3000"
volumes:
- "./ui:/app"
- "/app/node_modules"
when I am doing docker-compose up
I am getting the following error
UI | Failed to compile.
UI |
UI | [eslint] EACCES: permission denied, open '/app/node_modules/.cache/.eslintcache'
UI | ERROR in [eslint] EACCES: permission denied, open '/app/node_modules/.cache/.eslintcache'
UI |
UI | webpack compiled with 1 error
and here's the wsl2 file structure and permissions
drwxr-xr-x 5 blank blank 4096 Jan 6 18:40 .
drwxr-xr-x 5 blank blank 4096 Jan 6 18:54 ..
-rw-r--r-- 1 blank blank 310 Jan 6 18:38 .gitignore
-rw-r--r-- 1 blank blank 209 Jan 6 18:55 Dockerfile
-rw-r--r-- 1 blank blank 3359 Jan 6 18:38 README.md
drwxr-xr-x 2 root root 4096 Jan 6 18:40 node_modules
-rw-r--r-- 1 blank blank 665979 Jan 6 18:38 package-lock.json
-rw-r--r-- 1 blank blank 827 Jan 6 18:38 package.json
drwxr-xr-x 2 blank blank 4096 Jan 6 18:38 public
drwxr-xr-x 2 blank blank 4096 Jan 6 18:38 src
thanks.

Incorrect permissions for file with docker compose volume? 13: Permission denied

I have the following docker_compose.yaml:
version: "3.8"
services:
reverse-proxy:
image: nginx:1.17.10
container_name: reverse_proxy
volumes:
- ../nginx/nginx.conf:/etc/nginx/nginx.conf
ports:
- "8050:8050"
- "8051:8051"
webapp:
image: my-site
command: --port 8050 8051 --debug yes
volumes:
- /home/user/data:/data
ports:
- "8050:8050"
- "8051:8051"
depends_on:
- reverse-proxy
When I run via docker compose I get the following error:
$ sudo docker-compose -f /home/user/docker_compose.yaml up
...
reverse_proxy | 2022/03/09 00:49:19 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (13: Permission denied)
reverse_proxy | nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (13: Permission denied)
reverse_proxy exited with code 1
So to investigate I re-ran just the nginx container:
$ sudo docker run -v ../nginx/nginx.conf:/etc/nginx/nginx.conf -t docker.io/nginx tail -f /dev/null
ssh'd in and I see:
root#d8e84f89fcad:/# ls -la /etc/nginx/
ls: cannot access '/etc/nginx/nginx.conf': Permission denied
total 20
drwxr-xr-x. 3 root root 132 Mar 1 14:00 .
drwxr-xr-x. 1 root root 66 Mar 9 00:54 ..
drwxr-xr-x. 2 root root 26 Mar 1 14:00 conf.d
-rw-r--r--. 1 root root 1007 Jan 25 15:03 fastcgi_params
-rw-r--r--. 1 root root 5349 Jan 25 15:03 mime.types
lrwxrwxrwx. 1 root root 22 Jan 25 15:13 modules -> /usr/lib/nginx/modules
-?????????? ? ? ? ? ? nginx.conf
-rw-r--r--. 1 root root 636 Jan 25 15:03 scgi_params
-rw-r--r--. 1 root root 664 Jan 25 15:03 uwsgi_params
I consulted the following Q and others and they seem to suggest to just restart the docker service, so I did and I still get ? permissions upon re running.
I assume that this is causing the permission error? If so, how can I set the correct permissions on this nginx config file? Is this really a volume permission issue?
Versions:
Docker version 1.13.1, build 7d71120/1.13.1
docker-compose version 1.29.2, build 5becea4c
CentOS 7
I think it was an SELinux thing, appending :z to the volume fixed it.
volumes:
- ../nginx/nginx.conf:/etc/nginx/nginx.conf:z

Dockerfile CMD Works on MacOS, Fails on Linux

The Dockerfile I have used for a long time to build containers on MacOS fails to create a viable container when build is performed on Linux (Ubuntu 18.04). The image builds, but then k8s cannot spin up the container. The error log says "/bin/sh: ./dgs: not found". Have tried many permutations, but it seems like the environment inside the container changed somehow. I can even put in an ls -la and see the executable listed in stdout, but CMD cannot see it.
build folder:
drwxrwxr-x 2 user1 user1 4096 Jun 21 16:26 .
drwxr-xr-x 6 user1 user1 4096 Jun 21 16:19 ..
-rw-r--r-- 1 user1 user1 257867 Jun 21 16:20 ca-certificates.crt
-rwxr-xr-x 1 user1 user1 15826392 Jun 21 16:40 dgs
-rw-rw-r-- 1 user1 user1 151 Jun 21 16:59 Dockerfile
Dockerfile:
FROM alpine:3.6
COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
WORKDIR /home
COPY ./dgs dgs
RUN ls -la
EXPOSE 8090
CMD ./dgs
docker version:
Client:
Version: 18.09.1
API version: 1.39
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:35:23 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:02:44 2019
OS/Arch: linux/amd64
Experimental: false
I would be more explicit:
WORKDIR /home
COPY ./dgs /home/dgs
RUN chmod +x /home/dgs
CMD ["/home/dgs"]

How to set permissions with Docker Build? error checking context: 'no permission to read from...'

I firstly encountered
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
problem when I try to run docker-compose build.
version: '3.1'
services:
client:
build: .
volumes:
- "./client:/app"
ports:
- "3031:3000"
depends_on:
- api
api:
build: .
volumes:
- "./api:/app"
ports:
- "3003:3000"
- "9229:9229"
depends_on:
- db
db:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: example
MYSQL_DATABASE: users
MYSQL_USER: test
MYSQL_PASSWORD: test1234
ports:
- "3307:3306"
volumes:
- ./docker/data/db:/var/lib/mysql
I made small changes to one repo by adding Docker debug options.
After looking at this and many SO posts, I realized that I should try docker build.
docker build -f="Dockerfile" .
I got error
error checking context: 'no permission to read from '/home/miki/mysql-registration-passport/docker/data/db/ca-key.pem''.
These are files with permissions
drwxr-xr-x 9 miki miki 4096 мај 7 07:56 ./
drwxr-xr-x 88 miki miki 4096 мај 7 06:20 ../
drwxr-xr-x 6 miki miki 4096 мај 6 08:51 api/
drwxr-xr-x 5 miki miki 4096 мај 6 10:41 client/
drwxr-xr-x 3 root root 4096 мај 6 10:41 docker/
-rw-r--r-- 1 miki miki 543 мај 7 07:37 docker-compose.yml
-rw-r--r-- 1 miki miki 64 мај 6 08:45 Dockerfile
drwxr-xr-x 8 miki miki 4096 мај 6 08:45 .git/
drwxr-xr-x 2 miki miki 4096 мај 6 08:45 .github/
-rw-r--r-- 1 miki miki 55 мај 6 08:45 .gitignore
drwxr-xr-x 3 miki miki 4096 мај 6 08:45 .idea/
-rw-r--r-- 1 miki miki 3462 мај 6 08:45 README.md
drwxr-xr-x 2 miki miki 4096 мај 6 08:45 .vscode/
How to set docker folder permissions? I am on Ubuntu 18.04.
SOLVED
sudo chmod 755 -R .
Permissions
-rwxr-xr-x 1 miki miki 543 мај 7 07:37 docker-compose.yml*
-rwxr-xr-x 1 miki miki 64 мај 6 08:45 Dockerfile*

docker-compose gives mongo error about not owning the data folder

Based on the following files:
Dockerfile
FROM node:8-alpine
RUN apk add --no-cache ffmpeg
RUN apk add --no-cache git
RUN apk add --no-cache tar
WORKDIR /app/
COPY package*.json /app/
COPY bower.json /app/
RUN npm i
RUN npm i -g bower
RUN bower install --allow-root
COPY . .
EXPOSE 8080
CMD ["npm", "start"]
docker-compose-yml
version: '3.1'
services:
node:
container_name: nodetube
build:
context: .
dockerfile: Dockerfile
ports:
- "49161:3000"
volumes:
- .:/app/
- /app/node_modules
- ./upload:/app/upload
- ./uploads:/app/uploads
environment:
- REDIS_HOST=redis
- MONGODB_DOCKER_URI=mongodb://nodetube-mongo:27017/nodetube
depends_on:
- redis
- mongo
command: npm start
networks:
- nodetube-network
mongo:
container_name: nodetube-mongo
image: mongo:3.6
volumes:
- ./data/db:/data/db
ports:
- "27011:27017"
networks:
- nodetube-network
redis:
container_name: nodetube-redis
image: redis
networks:
- nodetube-network
networks:
nodetube-network:
driver: bridge
.dockerignore
.*
docker-compose.yml
*.md
node_modules
npm-debug.log
Running $ docker-compose up --build gives me an error:
nodetube-mongo | 2020-01-06T19:33:08.815+0000 I STORAGE [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/db, terminating
I'm not a Docker expert, how can I get this to work? Thanks
On my local machine if I run $ ls -al /data
I receive:
total 0
drwxr-xr-x 4 root wheel 128 May 13 2018 .
drwxr-xr-x 33 root wheel 1056 Apr 11 2019 ..
drwxrwxrwx 432 anthony wheel 13824 Jan 6 12:21 db
drwxr-xr-x 385 anthony wheel 12320 May 13 2018 db2
anthony at Anthonys-MacBook-Pro in /data/db
$ ls -al
total 17565016
drwxrwxrwx 432 anthony wheel 13824 Jan 6 12:21 .
drwxr-xr-x 4 root wheel 128 May 13 2018 ..
-rw--w--w- 1 anthony wheel 48 May 13 2018 WiredTiger
-rw--w--w- 1 anthony wheel 21 May 13 2018 WiredTiger.lock
-rw--w--w- 1 anthony wheel 1088 Jan 6 12:21 WiredTiger.turtle
-rw--w--w- 1 anthony wheel 1216512 Jan 6 12:21 WiredTiger.wt
-rw--w--w- 1 anthony wheel 4096 Jan 6 12:20 WiredTigerLAS.wt

Resources