Attempting to change ownership or permissions on a bind-mounted volume via docker exec fails #587

Open
samling opened this issue Oct 22, 2014 · 55 comments

@samling samling commented Oct 22, 2014

I noticed this behavior yesterday when trying to bind-mount a local directory containing a webapp into my container so I could work on it without having to restart the container after every change. The app's framework is very particular about permissions, so I thought I'd try using docker exec to change them. The run command is something like:

docker run -v /Users/sboynton/project/webapp/:/app -t imagename

Then I ran the following to check permissions:

docker exec container_name ls -la /app

Which gives:

[...]
-rw-r--r--   1 1000 staff   174 Jun 26 22:24 build.properties
-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml
-rw-r--r--   1 1000 staff  1464 Jun 26 22:24 index.php
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 lib
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 plugins
[...]

The following command should work, and does on files created by e.g. "docker exec container_name touch file_name", but doesn't in this scenario:

docker exec container_name chown www-data:www-data /app/build.xml

Running ls -la /app/build.xml still returns:

-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml

Some other things that have been tried are creating a new file in the container's /tmp directory and attempting the same ownership change (works), creating a new file via docker exec in /app and attempting the same (fails), and attempting to change ownership using uid/gid instead of names (e.g. 33:33) (fails). chown, chgrp and chmod all exhibit this same behavior.

If this is a Docker issue and not a boot2docker issue, please let me know and I'll take the issue over there. However, users who tried the above from a Linux Docker host instead of through boot2docker were able to successfully modify permissions/ownership, which leads me to believe this is an issue with boot2docker.

Contributor

@SvenDowideit SvenDowideit commented Oct 23, 2014

This is a duplicate of #581 (I'm not closing to make it easier for people to find).

@SvenDowideit SvenDowideit added this to the 1.3.1 milestone Oct 23, 2014

@mnapoli mnapoli commented Oct 23, 2014

+1 been pulling my hair all day on this.

@tianon tianon modified the milestone: 1.3.1 Oct 23, 2014

@crucialfelix crucialfelix commented Nov 18, 2014

To add to this, not only do chown/chmod not have any effect from inside the container, they also do not have any effect from the boot2docker VM shell. So it's natural that the container has no ability to modify, since the host (boot2docker VM) cannot modify the files on the real host (OS X).

I guess this is a read-only mount?

Permissions show the files as owned by docker:

docker@boot2docker:/Users/crucial/shared/postgres$ ls -la
-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

But can't touch this:

# no error message, but does not actually touch the file
docker@boot2docker:/Users/crucial/shared/postgres$ touch /Users/crucial/shared/postgres/postgresql.conf
# sudo make me a sandwich
docker@boot2docker:/Users/crucial/shared/postgres$ sudo touch postgresql.conf

Still untouched:

-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

cat throws an error:

cat "# added a line" >> /Users/crucial/shared/postgres/postgresql.conf
-sh: can't create /Users/crucial/shared/postgres/postgresql.conf: Operation not permitted

chown and chmod of course do not work, although I'm doing this on a large postgres data directory and it does take a while to run. So it is doing work, but there is no change.

Contributor

@paolomainardi paolomainardi commented Dec 4, 2014

Same issue here, shared local volumes from OS X to containers are unable to handle permissions properly, which makes boot2docker unusable for local dev environments. I've also tried to work just with data containers, but exporting them with NFS/samba is a performance nightmare, a simple 'git status' takes seconds.

Contributor

@paolomainardi paolomainardi commented Dec 5, 2014

Contributor

@paolomainardi paolomainardi commented Dec 14, 2014

My temporary solution is to use NFS shared folders instead of vboxfs, as vagrant does.

From osx "/etc/exports":
/Users -mapall=[youruser]:[yourgroup] [boot2dockerip]

From boot2docker umount/remount /Users using NFS:

sudo umount /Users
sudo /usr/local/etc/init.d/nfs-client start
sudo mount 192.168.59.3:/Users /Users -o rw,async,noatime,rsize=32768,wsize=32768,proto=tcp
Contributor

@SvenDowideit SvenDowideit commented Dec 15, 2014

@paolomainardi yup, that was one of the solutions we should explore.


@chiefy chiefy commented Feb 5, 2015

@paolomainardi thanks for that tip - helped me out big time!


@mikeys mikeys commented Feb 9, 2015

@paolomainardi Maybe I'm doing something wrong: I can't run unmount from within the boot2docker virtual machine...

Contributor

@paolomainardi paolomainardi commented Feb 9, 2015

@mikeys let me see the error log output


@mikeys mikeys commented Feb 9, 2015

My bad, it's umount not unmount. Thanks!


@mikeys mikeys commented Feb 9, 2015

@paolomainardi I'm facing something really odd, the data is persisted but for some reason I can't see any files in the volumes I've mounted... both in the host and from inside the container...

Contributor

@paolomainardi paolomainardi commented Feb 9, 2015

@mikeys are you using fig ?


@mikeys mikeys commented Feb 9, 2015

@paolomainardi Yes I am

Contributor

@paolomainardi paolomainardi commented Feb 9, 2015

@mikeys sometimes it happens, I really don't know why. If you don't have anything important, try to docker rm -f `docker ps -a -q` and start them from scratch.


@mikeys mikeys commented Feb 9, 2015

@paolomainardi Wow... the entire eco-system is shaky lol. Thanks, that actually worked but all those workarounds feel very unstable 😞 .

Contributor

@paolomainardi paolomainardi commented Feb 9, 2015

@mikeys I agree, maybe with docker-compose things will change :)


@sheetweaver sheetweaver commented Mar 31, 2015

hmm... so I got the same problem with docker-compose that mikeys got with fig. I guess changing the name didn't fix the bug after all. :) ... is this a "known issue" (with a bug report somewhere)?


@ataraxus ataraxus commented Apr 30, 2015

Stumbled into this issue right now. Really annoying.


@IBMRob IBMRob commented May 5, 2015

I've also been hitting an issue similar to this, trying to run the ibmimages/mqadvanced image on a Mac running boot2docker within VirtualBox. If you point to a local filesystem within the boot2docker image it works fine, but if you try to use a mounted folder such as /Users on a Mac it fails to change the permissions of the mounted files, thus resulting in the container failing.
Would be great to get this working.


@EwanValentine EwanValentine commented May 11, 2015

+1


@nicbarker nicbarker commented May 16, 2015

+1 just ran into this issue.


@firelife firelife commented May 20, 2015

+1 postgresql with boot2docker on mac


@notsureifkevin notsureifkevin commented Oct 1, 2015

@ayeo can confirm that this hack works with php-fpm as well. thank you.

👍 to fix, plz.


@jaryroxas jaryroxas commented Oct 25, 2015

+1

RUN usermod -u 1000 www-data @ayeo this works


@Server4001 Server4001 commented Oct 28, 2015

+1

As @ayeo mentioned, "usermod -u 1000 www-data" does work


@ndelitski ndelitski commented Nov 2, 2015

+1


@ghost ghost commented Nov 2, 2015

+1

nonlinear-vegan pushed a commit to nonlinear-vegan/crossfit_workouts that referenced this issue Nov 2, 2015
I was having problems with the permissions on the mounted volume for the
actual elasticsearch data. So I used the usermod hack.
boot2docker/boot2docker#587

@minskmaz minskmaz commented Nov 4, 2015

+1. this is a serious issue.


@rossedman rossedman commented Nov 5, 2015

+1. I have encountered this problem on Vagrant before as well. Shared files are always the issue. Would love to see this fixed.


@minskmaz minskmaz commented Nov 5, 2015

I was able to get around this using --volumes-from
some/data-only/container_id

On Wed, Nov 4, 2015 at 6:50 PM, Ross Edman notifications@github.com wrote:

+1. I have encountered this problem on Vagrant before as well. Shared
files are always the issue. Would love to see this fixed.


@ducdebreme ducdebreme commented Nov 18, 2015

+1


@scribnar scribnar commented Nov 28, 2015

+1 Wasted many hours on this. Permission does not change if a folder is mounted as volume and when trying to change ownership inside container using chown


@ozlerhakan ozlerhakan commented Dec 3, 2015

+1


@krasi-georgiev krasi-georgiev commented Dec 6, 2015

nfs sharing by default +1


@bobintornado bobintornado commented May 15, 2016

+1
running crazy against following error now on my coreos kubernetes cluster
chmod: changing permissions of ‘/var/lib/postgresql/data/pgdata’: Operation not permitted


@RadikChernyshov RadikChernyshov commented May 18, 2016

+1


@jackmcpickle jackmcpickle commented May 18, 2016

Everyone should try the new 'native' Docker for Mac/Windows which is in beta now. Mounting files inside my app works fine now, so long as I change the permissions at runtime.


@yongzhihuang yongzhihuang commented Jul 14, 2016

+1

What exactly is staff? Like @ayeo said, it works when you change the user via:
usermod -u 1000 www-data, but this does not persist, would need to pass this as part of command in the container config (docker compose or dockerfile).

@jackmcpickle going to try the native docker for mac and test this out. Thanks!
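
Added example (not part of the thread or of the boot2docker project): a shell check that a container entrypoint could run before depending on chown/chmod inside a bind mount. It covers the two cases discussed above, the silent no-op reported by @crucialfelix and the owner-UID mismatch behind the `usermod -u 1000 www-data` workaround. The function name `check_bind_mount` and its result strings are made up for this example, and it assumes GNU or BusyBox `stat -c`.

```shell
#!/bin/sh
# Added example: probe a bind-mounted directory before relying on
# chown/chmod inside it. Assumes GNU or BusyBox stat (-c).

# check_bind_mount DIR WANT_UID
#   Prints exactly one of:
#     not-writable        a probe file could not be created in DIR
#     chmod-ignored       chmod exited but the mode did not change
#     uid-mismatch <uid>  DIR is owned by <uid>, not by WANT_UID
#     ok                  mode changes stick and the owner matches
check_bind_mount() {
    dir=$1
    want_uid=$2

    probe=$(mktemp "$dir/.permprobe.XXXXXX" 2>/dev/null) || {
        echo "not-writable"; return 0
    }

    # Apply two different modes and read each one back. Checking both
    # avoids a false "ok" when the share reports one fixed mode for
    # every file and that mode happens to equal one of the probes.
    chmod 600 "$probe" 2>/dev/null || true
    first=$(stat -c %a "$probe")
    chmod 640 "$probe" 2>/dev/null || true
    second=$(stat -c %a "$probe")
    rm -f "$probe"

    if [ "$first" != "600" ] || [ "$second" != "640" ]; then
        echo "chmod-ignored"; return 0
    fi

    # Numeric owner of the mount as seen from inside the container.
    owner_uid=$(stat -c %u "$dir")
    if [ "$owner_uid" != "$want_uid" ]; then
        echo "uid-mismatch $owner_uid"; return 0
    fi

    echo "ok"
}

# Stand-alone use: ./check.sh /app "$(id -u www-data)"
if [ "$#" -eq 2 ]; then
    check_bind_mount "$1" "$2"
fi
```

A `uid-mismatch N` result is the situation where the thread's `usermod -u N www-data` workaround applies; `chmod-ignored` means no change made inside the container will stick, so the share itself has to change (for example the NFS remount described earlier in the thread).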
