Attempting to change ownership or permissions on a bind-mounted volume via docker exec fails #587

Open
samling opened this Issue Oct 22, 2014 · 55 comments

@samling
samling commented Oct 22, 2014

I noticed this behavior yesterday when trying to bind-mount a local directory containing a webapp into my container so I could work on it without having to restart the container after every change. The app's framework is very particular about permissions, so I thought I'd try using docker exec to change them. The run command is something like:

docker run -v /Users/sboynton/project/webapp/:/app -t imagename

Then I ran the following to check permissions:

docker exec container_name ls -la /app

Which gives:

[...]
-rw-r--r--   1 1000 staff   174 Jun 26 22:24 build.properties
-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml
-rw-r--r--   1 1000 staff  1464 Jun 26 22:24 index.php
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 lib
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 plugins
[...]

The following command should work, and does on files created by e.g. "docker exec container_name touch file_name", but doesn't in this scenario:

docker exec container_name chown www-data:www-data /app/build.xml

Running ls -la /app/build.xml still returns:

-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml

Some other things that have been tried are creating a new file in the container's /tmp directory and attempting the same ownership change (works), creating a new file via docker exec in /app and attempting the same (fails), and attempting to change ownership using uid/gid instead of names (e.g. 33:33) (fails). chown, chgrp and chmod all exhibit this same behavior.

If this is a Docker issue and not a boot2docker issue, please let me know and I'll take the issue over there. However, users who tried the above from a Linux Docker host instead of through boot2docker were able to successfully modify permissions/ownership, which leads me to believe this is an issue with boot2docker.

@SvenDowideit
Member

This is a duplicate of #581 (I'm not closing to make it easier for people to find).

@SvenDowideit SvenDowideit added this to the 1.3.1 milestone Oct 23, 2014
@mnapoli
mnapoli commented Oct 23, 2014

+1 been pulling my hair all day on this.

@tianon tianon modified the milestone: 1.3.1 Oct 23, 2014
@crucialfelix

To add to this, not only do chown/chmod not have any effect from inside the container, they also do not have any effect from the boot2docker VM shell. So it's natural that the container has no ability to modify, since the host (boot2docker VM) cannot modify the files on the real host (OS X).

I guess this is a read-only mount?

Permissions show the files as owned by docker:

docker@boot2docker:/Users/crucial/shared/postgres$ ls -la
-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

But can't touch this:

# no error message, but does not actually touch the file
docker@boot2docker:/Users/crucial/shared/postgres$ touch /Users/crucial/shared/postgres/postgresql.conf
# sudo make me a sandwich
docker@boot2docker:/Users/crucial/shared/postgres$ sudo touch postgresql.conf

Still untouched:

-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

cat throws an error:

cat "# added a line" >> /Users/crucial/shared/postgres/postgresql.conf
-sh: can't create /Users/crucial/shared/postgres/postgresql.conf: Operation not permitted

chown and chmod of course do not work, although I'm doing this on a large postgres data directory and it does take a while to run, so it is doing work, but there is no change.

@paolomainardi
Contributor

Same issue here: shared local volumes from OS X to containers are unable to handle permissions properly, which makes boot2docker unusable for local dev environments. I've also tried to work just with data containers, but exporting them with NFS/Samba is a performance nightmare; a simple 'git status' takes seconds.

@paolomainardi
Contributor

My temporary solution is to use NFS shared folders instead of vboxsf, as Vagrant does.

From OS X "/etc/exports":
/Users -mapall=[youruser]:[yourgroup] [boot2dockerip]

From boot2docker, umount/remount /Users using NFS:

sudo umount /Users
sudo /usr/local/etc/init.d/nfs-client start
sudo mount 192.168.59.3:/Users /Users -o rw,async,noatime,rsize=32768,wsize=32768,proto=tcp
@SvenDowideit
Member

@paolomainardi yup, that was one of the solutions we should explore.

@chiefy
chiefy commented Feb 5, 2015

@paolomainardi thanks for that tip - helped me out big time!

@mikeys
mikeys commented Feb 9, 2015

@paolomainardi Maybe I'm doing something wrong: I can't run unmount from within the boot2docker virtual machine...

@paolomainardi
Contributor

@mikeys let me see the error log output

@mikeys
mikeys commented Feb 9, 2015

My bad, it's umount not unmount. Thanks!

@mikeys
mikeys commented Feb 9, 2015

@paolomainardi I'm facing something really odd: the data is persisted, but for some reason I can't see any files in the volumes I've mounted... both in the host and from inside the container...

@paolomainardi
Contributor

@mikeys are you using fig ?

@mikeys
mikeys commented Feb 9, 2015

@paolomainardi Yes I am

@paolomainardi
Contributor

@mikeys sometimes it happens, I really don't know why. If you don't have anything important, try to docker rm -f `docker ps -a -q` and start them from scratch.

@mikeys
mikeys commented Feb 9, 2015

@paolomainardi Wow... the entire eco-system is shaky lol. Thanks, that actually worked but all those workarounds feel very unstable 😞.

@paolomainardi
Contributor

@mikeys I agree, maybe with docker-compose things will change :)

@sheetweaver

hmm... so I got the same problem with docker-compose that mikeys got with fig. I guess changing the name didn't fix the bug after all. :) ... is this a "known issue" (with a bug report somewhere)?

@ataraxus

Stumbled into this issue right now. Really annoying.

@RobQuads
RobQuads commented May 5, 2015

I've also been hitting an issue similar to this, trying to run the ibmimages/mqadvanced image on a Mac running boot2docker within VirtualBox. If you point to a local filesystem within the boot2docker image it works fine, but if you try to use a mounted folder such as /Users on a Mac, it fails to change the permissions of the mounted files, thus resulting in the container failing.
Would be great to get this working.

@nicbarker

+1 just ran into this issue.

@firelife

+1 postgresql with boot2docker on mac

@alefi87
alefi87 commented Jun 1, 2015

+1

@chouclee
chouclee commented Jun 5, 2015

+1 permission denied

@ayeo
ayeo commented Jun 7, 2015

+1

@jaco
jaco commented Jun 11, 2015

+1

@nicekiwi

+1

@ierceg
ierceg commented Jun 22, 2015

+1

@hanskoff

+1

@ayeo
ayeo commented Jun 24, 2015

To grant permissions to www-data (Apache2, PHP) you can use:

RUN usermod -u 1000 www-data 
@ierceg
ierceg commented Jun 24, 2015

@ayeo this works - thanks! Though I had to restart the service.

@dansoton

+1 rabbitmq volume-binding ssl keys from host not accessible to rabbitmq server since it runs under rabbitmq user.

@otobrglez

@ayeo You are my hero of the day. 👍 Cheers!

@asheshambasta

+1 same issue. Docker is completely useless for us because of this.
After all this fuss about docker, I pitched docker to my dev. team as an option to optimise our deployments and right after the install, we run into really basic issues like these. 👎 Seriously.

@bryanallen

+1

@mnapoli
mnapoli commented Sep 23, 2015

@asheshambasta I use Dinghy, just install it instead of boot2docker and it just works ® (at least it does for me).

@kcrawley
kcrawley commented Oct 1, 2015

@ayeo can confirm that this hack works with php-fpm as well. thank you.

๐Ÿ‘ to fix, plz.

@jaryroxas

+1

RUN usermod -u 1000 www-data @ayeo this works

@Server4001

+1

As @ayeo mentioned, "usermod -u 1000 www-data" does work

@ndelitski

+1

@ghost
ghost commented Nov 2, 2015

+1

@marymissmary marymissmary pushed a commit to marymissmary/crossfit_workouts that referenced this issue Nov 2, 2015
@marohrdanz marohrdanz hack to allow chown on mounted volume
I was having problems with the permissions on the mounted volume for the
actual elasticsearch data. So I used the usermod hack.
boot2docker/boot2docker#587
43caafa
@minskmaz
minskmaz commented Nov 4, 2015

+1. this is a serious issue.

@rossedman

+1. I have encountered this problem on Vagrant before as well. Shared files are always the issue. Would love to see this fixed.

@minskmaz
minskmaz commented Nov 5, 2015

I was able to get around this using --volumes-from some/data-only/container_id


@ducdebreme

+1

@deekthesqueak deekthesqueak referenced this issue in docker/compose Nov 18, 2015
Closed

Volumes not mounting correctly #2354

@scribnar

+1 Wasted many hours on this. Permission does not change if a folder is mounted as volume and when trying to change ownership inside container using chown

@ozlerhakan

+1

@krasi-georgiev

nfs sharing by default +1

@Bregor Bregor added a commit to Bregor/mysql that referenced this issue Jan 4, 2016
@Bregor Bregor Fixes #99
`docker-machine` and `boot2docker` in OS X with VirtualBox as backend
mounts vboxsf as UID=1000, GID=50, so user with UID=1000 will have permissions
to write to the data volume mounted as `-v /Users/somebody/mysqldata:/var/lib/mysql`
for example.

For details see:
- boot2docker/boot2docker#581
- boot2docker/boot2docker#587 (comment)
- docker/machine#2660 (comment)
6468d07
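
Added example, not part of the thread or of any commit referenced in it: a shell check an image entrypoint could run to tell whether a bind mount sits on a vboxsf share, and whether to chown the volume or move the service user onto the mount's UID, as in the usermod workaround and the vboxsf UID note above. The function names (fstype_for_path, volume_fix_plan, check_volume) are hypothetical, the mount table is constructed sample data, and treating vboxsf as a filesystem where chown has no effect is an assumption taken from the behaviour reported in this thread.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
Users /Users vboxsf rw,nodev,relatime 0 0
/dev/sda1 /Users/cache ext4 rw,relatime 0 0'

# Print the filesystem type backing path $1: the longest mount point that is
# a prefix of the path wins, and later entries shadow earlier ones on a tie.
# $2 is mount-table text (defaults to the live /proc/mounts). Mount points
# containing escaped spaces (\040) are not handled.
fstype_for_path() {
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v p="$1" '
        {
            mp = $2
            prefix = (mp == "/") ? "/" : mp "/"
            if (p == mp || index(p "/", prefix) == 1)
                if (length(mp) >= best) { best = length(mp); fs = $3 }
        }
        END { if (fs == "") exit 1; print fs }'
}

# Decide how service uid $2 can get access to a volume on filesystem $1 whose
# top-level directory is owned by uid $3. Prints ok, chown, or remap-uid:<uid>.
# Assumption from the thread: ownership on a vboxsf share is fixed at mount
# time, so chown there changes nothing.
volume_fix_plan() {
    fstype=$1 svc_uid=$2 owner_uid=$3
    if [ "$svc_uid" = "$owner_uid" ]; then
        echo ok
    elif [ "$fstype" = vboxsf ]; then
        echo "remap-uid:$owner_uid"   # e.g. usermod -u <uid> <service user>
    else
        echo chown
    fi
}

# Hypothetical driver for an entrypoint: check_volume /app www-data
# (relies on GNU or BusyBox stat -c).
check_volume() {
    fs=$(fstype_for_path "$1") || return 1
    volume_fix_plan "$fs" "$(id -u "$2")" "$(stat -c %u "$1")"
}
```

Reading the owner UID from the mount instead of hard-coding 1000 keeps the remap correct if the share is mounted with a different UID.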
@Bregor Bregor referenced this issue in docker-library/mysql Jan 4, 2016
Closed

Fixes #99 #128

@bobintornado

+1
running crazy against following error now on my coreos kubernetes cluster
chmod: changing permissions of ‘/var/lib/postgresql/data/pgdata’: Operation not permitted

@jackmcpickle

Everyone should try the new 'native' Docker for Mac/Windows which is in beta now. Mounting files inside my app works fine now. So long as I change the permissions on runtime.

@andrerom andrerom referenced this issue in ezsystems/ezplatform May 22, 2016
Closed

Handle Docker Machine users when using NFS #111

@yongzhihuang

+1

What exactly is staff? Like @ayeo said, it works when you change the user via:
usermod -u 1000 www-data, but this does not persist, would need to pass this as part of command in the container config (docker compose or dockerfile).

@jackmcpickle going to try the native docker for mac and test this out. Thanks!

@solsson solsson referenced this issue in kubernetes/minikube Jul 18, 2016
Open

Support mounting host directories into pods #2
