File permission displayed a lot of question marks in docker container [duplicate] - linux

This question already has answers here:
Strange file permission in docker container (question marks on permission bit and user bit)
I wrote a Dockerfile, the last contents are
RUN echo "root:root" | chpasswd
RUN echo "beakerx:beakerx" | chpasswd
RUN usermod -aG sudo beakerx
RUN echo beakerx | sudo -S chown -R beakerx:beakerx /home/beakerx/.local
RUN echo beakerx | sudo -S find /home/beakerx/.local -type d -exec chmod 755 {} \;
RUN echo beakerx | sudo -S find /home/beakerx/.local -type f -exec chmod 644 {} \;
RUN id
RUN ls -la /home/beakerx/.local
RUN ls -la /home/beakerx/.local/share
USER beakerx
RUN id
RUN ls -la /home/beakerx/.local
RUN ls -la /home/beakerx/.local/share
When I build this image, it gave me the following errors.
Step 17/29 : RUN echo "root:root" | chpasswd
---> Running in b07756b764ef
---> 11a182191463
Removing intermediate container b07756b764ef
Step 18/29 : RUN echo "beakerx:beakerx" | chpasswd
---> Running in 2f2bc836b1af
---> dee6ebdf5b9c
Removing intermediate container 2f2bc836b1af
Step 19/29 : RUN usermod -aG sudo beakerx
---> Running in 8a1ccfffd565
---> d7815406e070
Removing intermediate container 8a1ccfffd565
Step 20/29 : RUN echo beakerx | sudo -S chown -R beakerx:beakerx /home/beakerx/.local
---> Running in 19aebc73f517
---> a8cb84a563c5
Removing intermediate container 19aebc73f517
Step 21/29 : RUN echo beakerx | sudo -S find /home/beakerx/.local -type d -exec chmod 755 {} \;
---> Running in 7c2434fa279a
---> 5ce4b0b0e859
Removing intermediate container 7c2434fa279a
Step 22/29 : RUN echo beakerx | sudo -S find /home/beakerx/.local -type f -exec chmod 644 {} \;
---> Running in 5f57457f1fe5
---> 1bb42b3ef8f3
Removing intermediate container 5f57457f1fe5
Step 23/29 : RUN id
---> Running in 101209499f50
uid=0(root) gid=0(root) groups=0(root)
---> e45945b090ab
Removing intermediate container 101209499f50
Step 24/29 : RUN ls -la /home/beakerx/.local
---> Running in d337b58c1571
total 12
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 .
drwxr-xr-x 25 beakerx beakerx 4096 Sep 7 01:30 ..
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 share
---> 7fd474369e15
Removing intermediate container d337b58c1571
Step 25/29 : RUN ls -la /home/beakerx/.local/share
---> Running in e05cd55aaae6
total 12
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 .
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 ..
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 jupyter
---> 03191c2d9fc8
Removing intermediate container e05cd55aaae6
Step 26/29 : USER beakerx
---> Running in 40b2d522ea0f
---> 604503b2152b
Removing intermediate container 40b2d522ea0f
Step 27/29 : RUN id
---> Running in e7b8ed6a1165
uid=1000(beakerx) gid=1000(beakerx) groups=1000(beakerx),27(sudo)
---> 5987e9d9f0bb
Removing intermediate container e7b8ed6a1165
Step 28/29 : RUN ls -la /home/beakerx/.local
---> Running in 4c65bd4a383e
ls: cannot access '/home/beakerx/.local/share': Permission denied
total 8
drwxr-xr-x 6 beakerx beakerx 4096 Sep 7 01:30 .
drwxr-xr-x 25 beakerx beakerx 4096 Sep 7 01:30 ..
d????????? ? ? ? ? ? share
ERROR: Service 'beakerx-cling-prebuild' failed to build: The command '/bin/sh -c ls -la /home/beakerx/.local' returned a non-zero code: 1
That's quite strange: I can see the right permissions as root, but a lot of question marks as other users. When I removed this debugging code and ran the docker image, it gave me PermissionError: [Errno 13] Permission denied: '/home/beakerx/.local/share/jupyter/runtime' errors.
I have searched a lot on the Internet, but couldn't find any helpful info about this.

This is a very weird bug in older docker versions. It happens if the first user that accesses the directory is non-root. Just change the order of the commands to access the dir as user.
Run something like ls /home/beakerx/, before issuing USER beakerx.
It worked for me.

Related

setuid on echo command but not working as expected

I have a question about setuid:
for example, there is a file - 1.txt, only root has write permission:
$ll 1.txt
-rw-r--r--. 1 root root 57 Jul 1 12:19 1.txt
For an ordinary user to modify the file, I did the following:
$ sudo chmod u+s /usr/bin/echo
$ ll /usr/bin/echo
-rwsr-xr-x. 1 root root 33128 Oct 31 2018 /usr/bin/echo
However, when the user ran below command, it still got permission error.
$ echo 111 > 1.txt
bash: 1.txt: Permission denied
Then I did a similar test on ls command:
Only root has write permission to test/ directory:
$ ll -d test/
drw-------. 2 root root 34 Jul 1 14:18 test/
a user that run ls command would report an error
$ ls test/
ls: cannot open directory test/: Permission denied
Then setuid on ls command:
$ sudo chmod u+s /usr/bin/ls
$ ll /usr/bin/ls
-rwsr-xr-x. 1 root root 117680 Oct 31 2018 /usr/bin/ls
after this, the user was able to run the command
$ ls test/
1 23 4
What's the difference between echo and ls? Or what did I miss here?

Path ambiguity through symbolic links

I have noticed a strange behavior in UNIX systems:
I'm standing in /noob/
I have a symbolic link to a folder (A@ -> /B/C/D/A)
I enter the folder via my symlink (cd A)
pwd says /noob/A/
In /B/C/D/A/ i have a file abc which I can see now.
I want to copy it to /noob/
I type cp abc ..
I type cd ..
I end up in /noob/ which is empty - but the file ended up in /B/C/D/ ???
How come this ambiguity as to where cp and cd points when given .. as argument? I find it confusing. Can anyone explain it in terms I'll understand? (=simple)
All the best, and please forgive a UNIX-noob a stupid question. Lasse
First let's have a look at how the cd command behaves by looking at its help text. What we are looking for is option -L (the default behavior) and option -P
$ help cd
cd: cd [-L|[-P [-e]] [-@]] [dir]
Change the shell working directory.
...
...
Options:
-L force symbolic links to be followed: resolve symbolic links in
DIR after processing instances of `..'
-P use the physical directory structure without following symbolic
links: resolve symbolic links in DIR before processing instances
of `..'
...
...
Important section
The default is to follow symbolic links, as if `-L' were specified.
`..' is processed by removing the immediately previous pathname component
back to a slash or the beginning of DIR.
Exit Status:
...
As you can see, the default behavior of cd is not what you think it is, since it manipulates the $PWD variable accessed by the pwd command in its own way. At each step you can run the pwd command or do an echo $PWD to see how it reacts to the different cd commands below.
Let's play with cd command:
We start from the following folder, with a sym link:
[/home/arobert/test/noob] >
ls -ltra
total 8
drwxrwxr-x 5 arobert arobert 4096 5月 11 09:48 ..
lrwxrwxrwx 1 arobert arobert 26 5月 11 09:48 A -> /home/arobert/link/B/C/D/A
drwxrwxr-x 2 arobert arobert 4096 5月 11 10:03 .
USAGE EXAMPLES:
[/home/arobert/test/noob] >
cd A
[/home/arobert/test/noob/A] >
cd ..
[/home/arobert/test/noob] >
cd -L A
[/home/arobert/test/noob/A] >
cd ..
[/home/arobert/test/noob] >
cd -P A
[/home/arobert/link/B/C/D/A] >
cd -P ..
[/home/arobert/link/B/C/D] >
cd /home/arobert/test/noob/
[/home/arobert/test/noob] >
cd A
[/home/arobert/test/noob/A] >
cd -P ..
[/home/arobert/link/B/C/D] >
Now let's play with readlink and cp command:
Let's say we have entered the symlink that points to A -> /home/arobert/link/B/C/D/A in which we have a file a
[/home/arobert/test/noob/A] >
ls -ltra
total 8
drwxrwxr-x 3 arobert arobert 4096 5月 11 09:55 ..
-rw-rw-r-- 1 arobert arobert 0 5月 11 10:10 a
drwxrwxr-x 2 arobert arobert 4096 5月 11 10:10 .
from this folder let's look at where does point . and .. by using readlink -f command:
[/home/arobert/test/noob/A] >
readlink -f .
/home/arobert/link/B/C/D/A
[/home/arobert/test/noob/A] >
readlink -f ..
/home/arobert/link/B/C/D
Consequently, when you run the command cp a .. from the location /home/arobert/test/noob/A (equivalent to /home/arobert/link/B/C/D/A), the file will be moved to /home/arobert/link/B/C/D, as .. points to it.
What you can do now:
Use an absolute path with your cp command to avoid bad surprises.
Call the command from /home/arobert/test/noob/ directory using
For example:
[/home/arobert/test/noob] >
cp A/a .
as readlink -f . points to the correct folder
[/home/arobert/test/noob] >
readlink -f .
/home/arobert/test/noob
Result:
[/home/arobert/test/noob] >
ls -ltra
total 8
drwxrwxr-x 5 arobert arobert 4096 5月 11 09:48 ..
lrwxrwxrwx 1 arobert arobert 26 5月 11 09:48 A -> /home/arobert/link/B/C/D/A
-rw-rw-r-- 1 arobert arobert 0 5月 11 10:13 a
drwxrwxr-x 2 arobert arobert 4096 5月 11 10:13 .
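The difference between the shell's logical `..` and the physical `..` that cp sees, as an added example that is not part of the original answer. It rebuilds the noob/A -> link/B/C/D/A layout under a temporary directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: logical vs physical resolution of ".." behind a symlink.
# The layout mirrors the answer (noob/A -> link/B/C/D/A); all paths are
# constructed under a temporary directory.

setup_tree() {
    # Print the physical path of a fresh sandbox containing the layout.
    root=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$root/link/B/C/D/A" "$root/test/noob"
    ln -s "$root/link/B/C/D/A" "$root/test/noob/A"
    : > "$root/link/B/C/D/A/a"
    printf '%s\n' "$root"
}

logical_parent() {
    # Where the shell's "cd .." lands: ".." is stripped from $PWD textually.
    (cd "$1/test/noob/A" && cd -L .. && pwd -L)
}

physical_parent() {
    # Where the kernel resolves "..": the parent of the symlink's target.
    # This is what cp, mv, rm and every other non-shell program will use.
    (cd "$1/test/noob/A" && cd -P .. && pwd -P)
}

copy_with_dotdot() {
    # Reproduce "cp a .." from inside the symlinked directory.
    (cd "$1/test/noob/A" && cp a ..)
}

copy_to_logical_parent() {
    # Safer form: derive the destination from $PWD instead of passing "..".
    (cd "$1/test/noob/A" && cp a "$(dirname "$PWD")/")
}

demo() {
    root=$(setup_tree) || return 1
    echo "logical  ..: $(logical_parent "$root")"
    echo "physical ..: $(physical_parent "$root")"
    copy_with_dotdot "$root"
    [ -e "$root/link/B/C/D/a" ] && echo "cp a .. wrote into link/B/C/D"
    copy_to_logical_parent "$root"
    [ -e "$root/test/noob/a" ] && echo "explicit path wrote into test/noob"
    rm -rf "$root"
}

demo
```

The same mismatch matters in scripts that cd into a directory someone else can replace with a symlink and then write or delete relative to `..`; comparing `pwd -L` with `pwd -P` before acting catches it.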

How to export directory created inside the Docker image to the host machine?

The program I'm running inside the Docker image, first creates a directory and writes some file into the directory.
To transfer the directory onto the host machine, I've mounted a datadir/ and then moved the directory created inside the image into the mounted directory, e.g.:
mkdir datadir
DATADIR=datadir/
docker run -i \
-v $(pwd)/$DATADIR:/$DATADIR/ ubuntu \
bash -c "mkdir /x1 && echo 'abc' > x1/test.txt && mv x1 $DATADIR"
But when I tried to access datadir/x1, it has root as the owner and it comes with read-only permissions:
$ mv datadir/x1/ .
mv: cannot move 'datadir/x1/' to './x1': Permission denied
$ ls -lah datadir/x1/
total 12K
drwxr-xr-x 2 root root 4.0K Jun 28 16:38 .
drwxrwxr-x 3 alvas alvas 4.0K Jun 28 16:38 ..
-rw-r--r-- 1 root root 4 Jun 28 16:38 test.txt
Is mounting the additional volume and copying the created directory inside the image the right approach to move files between the Docker image and the host machine? If not, what's the "canonical" way to perform the same operation?
About the directory permissions, what should be the correct way to assign the host machine permission to any files inside the mounted volume?
I've tried to chmod -R 777 inside the Docker image but I don't think that's the safe approach, i.e.:
$ docker run -i -v $(pwd)/$DATADIR:/$DATADIR/ -i ubuntu bash -c "mkdir /x1 && echo 'abc' > x1/test.txt && mv x1 $DATADIR && chmod -R 777 $DATADIR"
$ mv datadir/x1/ .
$ ls -lah x1
total 12K
drwxrwxrwx 2 root root 4.0K Jun 28 16:47 .
drwxrwxr-x 12 alvas alvas 4.0K Jun 28 16:47 ..
-rwxrwxrwx 1 root root 4 Jun 28 16:47 test.txt
To avoid permission issues use docker cp
For example:
# This is the directory you want to save the outputs
mkdir datadir
# We create a directory and file inside it, inside the Docker image.
# And we are naming the Docker image "thisinstance"
docker run -i --name thisinstance ubuntu \
bash -c "mkdir /x1 && echo 'abc' > x1/test.txt"
# Copies the new directory inside the Docker image to the host.
docker cp thisinstance:/x1 datadir/
# Destroy the temporary container
docker rm thisinstance
# Check the ownership of the directory and file
ls -lah datadir/x1/
[out]:
drwxr-xr-x 3 alvas 679754705 102B Jun 29 10:36 ./
drwxr-xr-x 3 alvas 679754705 102B Jun 29 10:36 ../
-rw-r--r-- 1 alvas 679754705 4B Jun 29 10:36 test.t

chmod doesn't work in mounted partition

I have this file in my mounted partition
/path/to/hardDiskDrive/$ ls -l
-rw------- 1 arash arash 92827804 Jun 15 17:35 qt-creator-opensource-linux-x86_64-4.0.2.run
and then try to chmod it but nothing happens even with sudo
/path/to/hardDiskDrive/$ chmod +x qt-creator-opensource-linux-x86_64-4.0.2.run
/path/to/hardDiskDrive/$ ls -l
-rw------- 1 arash arash 92827804 Jun 15 17:35 qt-creator-opensource-linux-x86_64-4.0.2.run
but when I copy it to my Linux home directory everything works fine.
What is the reason for this?!
~/Desktop $ ls -l
-rw------- 1 arash arash 92827804 Jun 15 17:35 qt-creator-opensource-linux-x86_64-4.0.2.run
~/Desktop $ chmod +x qt-creator-opensource-linux-x86_64-4.0.2.run
~/Desktop $ ls -l
-rwx--x--x 1 arash arash 92827804 Jun 15 17:35 qt-creator-opensource-linux-x86
What is the reason for this? And how can I run this file from its original place on the hard drive?
thanks

How to remove and re-create an existing symlink in one single command?

I have a symlink for my live server called current and I have releases in the releases directory, i.e current -> releases/2012-05-08_15-13
If I want to update the symlink of my current directory, I have to unlink/rm it and re ln -s it.
My question is: How can I remove the symlink and update it to the latest release in one step.
The form of ln is
ln -sf sourcefile targetlink
Try
ln -sf releases/2012-05-08_15-13 current
to remove the current and create the new link.
If you want to do it in a single command, do as @hughw suggests and run ln -sf.
If you want to replace the symlink atomically (ie. so that there's no point in time where the symlink doesn't exist) create a new symlink, then mv it over the old one.
As suggested by ToddR, here is the only answer that actually works on maybe most flavours of Linux (definitely Ubuntu, which uses ln from the coreutils package). Let me prove it to you.
matthewh@xen:~$ mkdir -p releases/dirA
matthewh@xen:~$ mkdir -p releases/dirB
matthewh@xen:~$ ln -s releases/dirA
matthewh@xen:~$ ls -l dirA
lrwxrwxrwx 1 matthewh matthewh 13 Apr 7 09:58 dirA -> releases/dirA
matthewh@xen:~$ ln -sf releases/dirB
matthewh@xen:~$ rm dirA
matthewh@xen:~$ ln -s releases/dirA current
matthewh@xen:~$ ln -sf releases/dirB current
matthewh@xen:~$ ls -l current
lrwxrwxrwx 1 matthewh matthewh 13 Apr 7 09:59 current -> releases/dirA <--- DOESN'T WORK!
matthewh@xen:~$ ln -sfn releases/dirB current <--- WORKS!
matthewh@xen:~$ ls -l current
lrwxrwxrwx 1 matthewh matthewh 13 Apr 7 09:59 current -> releases/dirB
So the correct method on Linux is:
ln -sfn source target
-n, --no-dereference
treat LINK_NAME as a normal file if it is a symbolic link to a directory
This is essential, if you do not use -n switch you will end up with a symlink inside source directory named "target".
In my examples,
matthewh@xen:~$ ls -l releases/dirA/
total 0
lrwxrwxrwx 1 matthewh matthewh 13 Apr 7 10:03 dirB -> releases/dirB
correct answer:
ln -s new current_tmp && mv -Tf current_tmp current
Move is atomic operation.
Don't use 'ln -snf'.
strace 'ln -snf' shows two system calls unlink + symlink.
This example clarifies the use of the -sfn switch:
drwxr-xr-x. 10 root root 4096 Aug 25 18:24 .
dr-xr-xr-x. 25 root root 4096 Aug 19 10:32 ..
lrwxrwxrwx. 1 wildfly wildfly 25 Aug 25 18:15 wildfly -> /opt/wildfly-8.2.0.Final/
drwxr-xr-x. 10 wildfly wildfly 4096 Aug 25 18:28 wildfly-8.2.0.Final
link to link
| |
[gecloud@ip-10-227-224-45 opt]$ sudo ln -sfn wildfly-8.2.0.Final /opt/wildfly
[gecloud@ip-10-227-224-45 opt]$ ls -la
total 115540
drwxr-xr-x. 10 root root 4096 Aug 25 18:34 .
dr-xr-xr-x. 25 root root 4096 Aug 19 10:32 ..
lrwxrwxrwx. 1 root root 19 Aug 25 18:34 wildfly -> wildfly-8.2.0.Final
drwxr-xr-x. 10 wildfly wildfly 4096 Aug 25 18:28 wildfly-8.2.0.Final
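The three ways of switching the link discussed in the answers above (ln -sf, ln -sfn, and a temporary link renamed with mv -T), side by side as an added example that is not part of the original answers. It assumes GNU coreutils; the function names and the temporary link name are hypothetical.

```shell
#!/bin/sh
# Added example: switching a "current" release symlink.
# Directory names (releases/dirA, releases/dirB) follow the answers above;
# everything is created under a temporary directory. Needs GNU coreutils.

new_sandbox() {
    # Create releases/dirA, releases/dirB and current -> releases/dirA.
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/releases/dirA" "$dir/releases/dirB"
    ln -s releases/dirA "$dir/current"
    printf '%s\n' "$dir"
}

swap_sf() {
    # Pitfall: without -n, ln follows "current" into dirA and creates the
    # new link inside that directory; "current" itself is left unchanged.
    (cd "$1" && ln -sf releases/dirB current)
}

swap_sfn() {
    # Replaces the link, but as unlink + symlink: a reader can briefly
    # find no "current" at all.
    (cd "$1" && ln -sfn releases/dirB current)
}

swap_atomic() {
    # Build the new link under a temporary name, then rename it over the
    # old one. rename(2) replaces the destination in a single step.
    (cd "$1" && ln -s "$2" "current.tmp.$$" \
             && mv -Tf "current.tmp.$$" current)
}

target_of() { readlink "$1/current"; }

demo() {
    d=$(new_sandbox) || return 1
    swap_sf "$d";  echo "after ln -sf : current -> $(target_of "$d")"
    ls "$d/releases/dirA"           # stray link "dirB" created by ln -sf
    swap_sfn "$d"; echo "after ln -sfn: current -> $(target_of "$d")"
    swap_atomic "$d" releases/dirA
    echo "after mv -T  : current -> $(target_of "$d")"
    rm -rf "$d"
}

demo
```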
