Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

Attempting to change ownership or permissions on a bind-mounted volume via docker exec fails #587

Open
samling opened this issue Oct 22, 2014 · 55 comments
Labels

Comments

@samling
Copy link

samling commented Oct 22, 2014

I noticed this behavior yesterday when trying to bind-mount a local directory containing a webapp into my container so I could work on it without having to restart the container after every change. The app's framework is very particular about permissions, so I thought I'd try using docker exec to change them. The run command is something like:

docker run -v /Users/sboynton/project/webapp/:/app -t imagename

Then I ran the following to check permissions:

docker exec container_name ls -la /app

Which gives:

[...]
-rw-r--r--   1 1000 staff   174 Jun 26 22:24 build.properties
-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml
-rw-r--r--   1 1000 staff  1464 Jun 26 22:24 index.php
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 lib
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 plugins
[...]

The following command should work, and does on files created by e.g. "docker exec container_name touch file_name", but doesn't in this scenario:

docker exec container_name chown www-data:www-data /app/build.xml

Running ls -la /app/build.xml still returns:

-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml

Some other things that have been tried are creating a new file in the container's /tmp directory and attempting the same ownership change (works), creating a new file via docker exec in /app and attempting the same (fails), and attempting to change ownership using uid/gid instead of names (e.g. 33:33) (fails). chown, chgrp and chmod all exhibit this same behavior.

If this is a Docker issue and not a boot2docker issue, please let me know and I'll take the issue over there. However, users who tried the above from a Linux Docker host instead of through boot2docker were able to successfully modify permissions/ownership, which leads me to believe this is an issue with boot2docker.

@SvenDowideit
Copy link
Contributor

SvenDowideit commented Oct 23, 2014

this is a duplicate of #581(I'm not closing to make it easier for people to find)

@SvenDowideit SvenDowideit added this to the 1.3.1 milestone Oct 23, 2014
@mnapoli
Copy link

mnapoli commented Oct 23, 2014

+1 been pulling my hair all day on this.

@tianon tianon modified the milestone: 1.3.1 Oct 23, 2014
@crucialfelix
Copy link

crucialfelix commented Nov 18, 2014

To add to this, not only do chown/chmod not have any effect from inside the container, they also do not have any affect from the boot2docker vm shell. so its natural that the container has no ability to modifiy since the host (boot2docker VM) cannot modify the files on the real host (OS X)

I guess this is a read only mount ?

Permissions show the files as owned by docker:

docker@boot2docker:/Users/crucial/shared/postgres$ ls -la
-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

But can't touch this:

# no error message, but does not actually touch the file
 docker@boot2docker:/Users/crucial/shared/postgres$ touch /Users/crucial/shared/postgres/postgresql.conf
# sudo make me a sandwich
docker@boot2docker:/Users/crucial/shared/postgres$ sudo touch postgresql.conf

Still untouched:

-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

cat throws an error:

cat "# added a line" >> /Users/crucial/shared/postgres/postgresql.conf
-sh: can't create /Users/crucial/shared/postgres/postgresql.conf: Operation not permitted

chown and chmod of course do not work. although I'm doing this on a large postgres data directory and it does take a while to run. so it is doing work. but there is no change

@paolomainardi
Copy link
Contributor

paolomainardi commented Dec 4, 2014

Same issue here, shared local volumes from osx to containers are unable to handle permissions properly, which makes boot2docker unusable for a local dev environments. I've also tried to work just with data containerz, but exporting them with NFS/samba is a performance nightmare, a simple 'git status' takes seconds.

@paolomainardi
Copy link
Contributor

paolomainardi commented Dec 5, 2014

@paolomainardi
Copy link
Contributor

paolomainardi commented Dec 14, 2014

My temporary solution is to use NFS shared folders instead of vboxfs, as vagrant does.

From osx "/etc/exports":
/Users -mapall=[youruser]:[yourgroup] [boot2dockerip]

From boot2docker umount/remount /Users using NFS:

sudo umount /Users
sudo /usr/local/etc/init.d/nfs-client start
sudo mount 192.168.59.3:/Users /Users -o rw,async,noatime,rsize=32768,wsize=32768,proto=tcp

@SvenDowideit
Copy link
Contributor

SvenDowideit commented Dec 15, 2014

@paolomainardi yup, that was one of the solutions we should explore.

@chiefy
Copy link

chiefy commented Feb 5, 2015

@paolomainardi thanks for that tip - helped me out big time!

@mikeys
Copy link

mikeys commented Feb 9, 2015

@paolomainardi Maybe i'm doing something wrong: I can't run unmount from within the boot2docker virtual machine...

@paolomainardi
Copy link
Contributor

paolomainardi commented Feb 9, 2015

@mikeys let me see the error log output

@mikeys
Copy link

mikeys commented Feb 9, 2015

My bad, it's umount not unmount. Thanks!

@mikeys
Copy link

mikeys commented Feb 9, 2015

@paolomainardi I'm facing something really odd, the data is persisted but for some reason I can't see any files the volumes i've mounted... both in the host and from inside the container...

@paolomainardi
Copy link
Contributor

paolomainardi commented Feb 9, 2015

@mikeys are you using fig ?

@mikeys
Copy link

mikeys commented Feb 9, 2015

@paolomainardi Yes I am

@paolomainardi
Copy link
Contributor

paolomainardi commented Feb 9, 2015

@mikeys sometimes it happens, i really don't why. If you don't have anything important try to docker rm -fdocker ps -a -q`` and start them from scratch.

@mikeys
Copy link

mikeys commented Feb 9, 2015

@paolomainardi Wow... the entire eco-system is shaky lol. Thanks, that actually worked but all those workarounds feel very unstable 😞 .

@paolomainardi
Copy link
Contributor

paolomainardi commented Feb 9, 2015

@mikeys i agree, maybe with docker-compose things will change :)

@sheetweaver
Copy link

sheetweaver commented Mar 31, 2015

hmm... so I got the same problem with docker-compose that mikeys got with fig. I guess changing the name didn't fix the bug after all. :) ... is this a "known issue" (with a bug report somewhere)?

@ataraxus
Copy link

ataraxus commented Apr 30, 2015

stumbled into this issue right now. really anoying

@IBMRob
Copy link

IBMRob commented May 5, 2015

I've been also hitting this issue similar to this trying to run the ibmimages/mqadvanced image on a Mac running boot2docker within VirtualBox. If you point to a local filesystem within the boot2docker image it works fine but if you try and use a mounted folder such as /Users on a mac it fails to change the permissions of the mounted files thus resulting in the container failing.
Would be great to get this working.

@EwanValentine
Copy link

EwanValentine commented May 11, 2015

+1

@nicbarker
Copy link

nicbarker commented May 16, 2015

+1 just ran into this issue.

@firelife
Copy link

firelife commented May 20, 2015

+1 postgresql with boot2docker on mac

@mnapoli
Copy link

mnapoli commented Sep 23, 2015

@asheshambasta I use Dinghy, just install it instead of boot2docker and it just works ® (at least it does for me).

@kevtainer
Copy link

kevtainer commented Oct 1, 2015

@ayeo can confirm that this hack works with php-fpm as well. thank you.

👍 to fix, plz.

@jaryroxas
Copy link

jaryroxas commented Oct 25, 2015

+1

RUN usermod -u 1000 www-data @ayeo this works

@Server4001
Copy link

Server4001 commented Oct 28, 2015

+1

As @ayeo mentioned, "usermod -u 1000 www-data" does work

@ndelitski
Copy link

ndelitski commented Nov 2, 2015

+1

1 similar comment
@ghost
Copy link

ghost commented Nov 2, 2015

+1

nonlinear-vegan pushed a commit to nonlinear-vegan/crossfit_workouts that referenced this issue Nov 2, 2015
I was having problems with the permissions on the mounted volume for the
actual elasticseach data. So I used the usrmod hack.
boot2docker/boot2docker#587
@minskmaz
Copy link

minskmaz commented Nov 4, 2015

+1. this is a serious issue.

@rossedman
Copy link

rossedman commented Nov 5, 2015

+1. I have encountered this problem on Vagrant before as well. Shared files are always the issue. Would love to see this fixed.

@minskmaz
Copy link

minskmaz commented Nov 5, 2015

I was able to get around this using --volumes-from
some/data-only/container_id

On Wed, Nov 4, 2015 at 6:50 PM, Ross Edman notifications@github.com wrote:

+1. I have encountered this problem on Vagrant before as well. Shared
files are always the issue. Would love to see this fixed.


Reply to this email directly or view it on GitHub
#587 (comment)
.

@ducdebreme
Copy link

ducdebreme commented Nov 18, 2015

+1

@scribnar
Copy link

scribnar commented Nov 28, 2015

+1 Wasted many hours on this. Permission does not change if a folder is mounted as volume and when trying to change ownership inside container using chown

@ozlerhakan
Copy link

ozlerhakan commented Dec 3, 2015

+1

@krasi-georgiev
Copy link

krasi-georgiev commented Dec 6, 2015

nfs sharing by default +1

@bobintornado
Copy link

bobintornado commented May 15, 2016

+1
running crazy against following error now on my coreos kubernetes cluster
chmod: changing permissions of ‘/var/lib/postgresql/data/pgdata’: Operation not permitted

@rodionchernyshov
Copy link

rodionchernyshov commented May 18, 2016

+1

@jackmcpickle
Copy link

jackmcpickle commented May 18, 2016

Everyone should try the new 'native' docker for mac/window which is in beta now. Mounting files inside my app work fine now. So long as I change the permissions on runtime.

@yongzhihuang
Copy link

yongzhihuang commented Jul 14, 2016

+1

What exactly is staff? Like @ayeo said, it works when you change the user via:
usermod -u 1000 www-data, but this does not persist, would need to pass this as part of command in the container config (docker compose or dockerfile).

@jackmcpickle going to try the native docker for mac and test this out. Thanks!

jgendera pushed a commit to jgendera/docker-symfony that referenced this issue Jun 4, 2017
When using Docker toolbox, Symfony can't run because of permission errors. "Warning: SessionHandler::read(): Session data file is not created by your uid"
This line fixes the problem (based on boot2docker/boot2docker#587 (comment))
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests