chown operation not permitted

[timmillwood]

chown: /www/assets/house-icon.png: Operation not permitted
chown: /www/assets/icons/android-chrome-maskable-512x512.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon-60x60.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon.png: Operation not permitted
chown: /www/assets/icons/safari-pinned-tab.svg: Operation not permitted
chown: /www/assets/icons/favicon-16x16.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon-152x152.png: Operation not permitted
chown: /www/assets/icons/msapplication-icon-144x144.png: Operation not permitted
chown: /www/assets/icons/android-chrome-maskable-192x192.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon-180x180.png: Operation not permitted
chown: /www/assets/icons/mstile-150x150.png: Operation not permitted
chown: /www/assets/icons/android-chrome-192x192.png: Operation not permitted
chown: /www/assets/icons/android-chrome-512x512.png: Operation not permitted
chown: /www/assets/icons/favicon-32x32.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon-76x76.png: Operation not permitted
chown: /www/assets/icons/apple-touch-icon-120x120.png: Operation not permitted
chown: /www/assets/icons: Operation not permitted
chown: /www/assets/icons: Operation not permitted
chown: /www/assets/manifest.json: Operation not permitted
chown: /www/assets/tools/grafana.png: Operation not permitted
chown: /www/assets/tools/sample.png: Operation not permitted
chown: /www/assets/tools/prometheus.png: Operation not permitted
chown: /www/assets/tools/sample2.png: Operation not permitted
chown: /www/assets/tools: Operation not permitted
chown: /www/assets/tools: Operation not permitted
/entrypoint.sh: exec: line 15: su-exec: not found

[AlexanderEDavis]

Run it as admin

[timmillwood]

I'm running in docker.

[AlexanderEDavis]

Is it a nginx docker? Are you able to access the directories while it is stopped? If so male the changes when the container is not running. Dockers tend to lock all files while the container is running.

[GlennToms]

I think that the permissions for your mount doesn't match the user and group. What does
ls -la output when you run it on your mounted volume path?

[Johannp02180]

I have the same problem, doing your command shows the same permissions as the other working docker containers. This happened to me suddenly with no changes and then suddenly I get all the same errors.

[GlennToms]

I need to see the output. I can't help without it

[Johannp02180]

Yes, sorry. Here you go:

pi@raspberrypi:~/docker/homer $ ls -la
total 16
drwxr-xr-x  3 pi pi 4096 Jul  5 01:12 .
drwxr-xr-x 13 pi pi 4096 Jul  5 01:12 ..
drwxr-xr-x  3 pi pi 4096 Jul  5 01:12 assets
-rw-r--r--  1 pi pi 2645 Jul  5 01:12 config.yml

[GlennToms]

If you do id pi what number do you get 0 or 1000 or another number?
Fix will be to change your docker command user and group to match the same numbers.
docker run -e "UID=1000" -e "GID=1000" [...]

[Johannp02180]

I get

pi@raspberrypi:~/docker/homer $ id pi uid=1000(pi) gid=1000(pi) groups=1000(pi),4(adm),20(dialout),24(cdrom),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),105(input),109(netdev),999(spi),998(i2c),997(gpio),995(docker)

[GlennToms]

Add these environment variables to your docker command.
docker run -e "UID=1000" -e "GID=1000"
Homer runs as user 911 but the folder on your pi is running as 1000. The above command will fix it

[Johannp02180]

I just tried adding the environment labels and it didn't work. I use docker-compose and my config is

version: '2'
services:
    homer:
        ports:
            - 8095:8080
        volumes:
            - /home/pi/docker/homer/config.yml:/www/config.yml
            - /home/pi/docker/homer/assets/:/www/assets
        image: b4bz/homer:latest
        environment:
            - PUID=1000
            - PGID=1000
        restart: unless-stopped

[GlennToms]

No problem, you have an extra letter P
change

• PUID=1000
• PGID=1000
  To
• UID=1000
• GID=1000

Ohh and we don't mount the config.yml anymore it's all moving to just the assets folder

[Johannp02180]

Hmmm, I just tried removing the P (I got the P from linuxserver configs) and I'm still getting the same operation not permitted errors.

Thanks in advance.

[GlennToms]

Hmm I'm not sure at the moment then. I'd have to fire up my pi and check. Give me a couple of hours to get that tested.

[Johannp02180]

No problem, thank you for the help so far.

[Borkuz]

I got sort off the same problem on my rapsberry pi.
this is the command i run:
docker run --name "homer" -e "UID=1000" -e "GID=1000" -p 8888:8080 -v /home/pi/.config/appdata/homer:/www/assets b4bz/homer:latest

and get this output:
chown: /www/assets/*: No such file or directory /entrypoint.sh: exec: line 15: su-exec: not found

[sebrink]

Same issues as above.

Trying to use docker-compose to set this up:

root@odroid:~/homer# cat docker-compose.yml
---
version: "2"
services:
  homer:
    image: b4bz/homer
    container_name: homer
    volumes:
      - /root/homer/assets/:/www/assets
    ports:
      - 8080:8080
    environment:
      - UID=1000
      - GID=1000
    restart: unless-stopped

I get this output:

root@odroid:~/homer# docker-compose up
Creating network "homer_default" with the default driver
Creating homer ... done
Attaching to homer
homer    | chown: /www/assets/*: No such file or directory
homer    | /entrypoint.sh: exec: line 15: su-exec: not found

[ikaruswill]

+1 I'm facing the same issue on

b4bz/homer:latest
DIGEST:sha256:b732944f26bc1e3745cae11eccd641f582b8f899154af391a6545ab62c196d3c

However, I'm not on a Raspberry Pi, I'm on an arm64 device.

Likewise, I get the same log output and have been running homer just fine until recently.

...
chown: /www/assets/icons: Operation not permitted
/entrypoint.sh: exec: line 15: su-exec: not found

[GlennToms]

I checked this out this morning and there is a problem with the last two lines in the entry point script. I'll do more troubleshooting asap

[GlennToms]

In the docker we switch user then run the entrypoint script, that user doesn't have permission to run chown and su-exec.

Can someone test by removing the USER line (line 38 I think ) in either ARM docker files then rebuild and test?
I'm not at my computer until the weekend to test myself.

[sebrink]

Removed the USER ${USER} on line 38 of this file: https://github.com/bastienwirtz/homer/blob/master/Dockerfile.arm32v7 (changed the name to Dockerfile). I'm running on an odroid which is running 32bit Arm.

Docker-compose attempt, still failing in the same way as before:

root@odroid:~/homer# docker-compose build && docker-compose up
homer uses an image, skipping
Creating network "homer_default" with the default driver
Creating homer ... done
Attaching to homer
homer    | chown: /www/assets/*: No such file or directory
homer    | /entrypoint.sh: exec: line 15: su-exec: not found
homer exited with code 127
homer exited with code 127
homer exited with code 127

Contents of the Dockerfile:

root@odroid:~/homer# cat Dockerfile
# build stage
FROM node:lts-alpine as build-stage

WORKDIR /app

COPY package*.json ./
RUN yarn install --frozen-lockfile

COPY . .
RUN yarn build

# Multi arch build support
FROM alpine as qemu

ARG QEMU_VERSION="v4.2.0-7"

RUN wget https://github.com/multiarch/qemu-user-static/releases/download/${QEMU_VERSION}/qemu-arm-static && chmod +x qemu-arm-static

# production stage
FROM arm32v7/alpine:3.11

COPY --from=qemu qemu-arm-static /usr/bin/

ENV USER darkhttpd
ENV GROUP darkhttpd
ENV GID 911
ENV UID 911
ENV PORT 8080

RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \
    apk add -U darkhttpd && \
    rm /usr/bin/qemu-arm-static

COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
COPY --chown=${USER}:${GROUP} entrypoint.sh /entrypoint.sh

EXPOSE ${PORT}
VOLUME /www/assets
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]

My compose file, just in case you believe it to be a compose error (which I doubt, however just trying to give as much info as possible:

root@odroid:~/homer# cat docker-compose.yml
---
version: "2"
services:
  homer:
    image: b4bz/homer
    container_name: homer
    volumes:
      - /root/homer/assets/:/www/assets
    ports:
      - 80:8080
    environment:
      - UID=1000
      - GID=1000
    restart: unless-stopped

[GlennToms]

Created new pull request #108 that hopefully fixes these issues.

1. Added missing APK su-exec
2. Removed switching user accounts that stops chown from running (security is handled by su-exec)

[Johannp02180]

Hi,

I’m not sure if I’m on the right version, but I deleted the docket images and make a new homer instance I think it should be pulling the new image. It still seems like the chown issue persists

Thanks for the continued support

[GlennToms]

If you're only pulling the image from dockerhub you'll need to wait for my fix to be pulled in this repo then uploaded to dockerhub.

If you building the image from this repo it should be working... Hopefully...

[bastienwirtz]

Hi there!

As @GlennToms spotted (thanks!), some there was some errors in the docker files & entrypoint. I've just merged the PR, which should fix the issues.

btw, I added release tags builds so you can use homer:20.07.2 or any other tag instead of latest.

Let me know !

[ikaruswill]

@bastienwirtz @GlennToms
I've tested on both armv7 and arm64, homer:20.07.2 works now. Thanks for this!

[bastienwirtz]

Cool! Thanks for the feedback @ikaruswill !

[Johannp02180]

Yes I can also confirm that it works! Watchtower automatically updated it and it is now working! Thanks again for the help

[bastienwirtz]

Perfect! I close the issue, feel free to reopen is anything wrong.