Attempting to change ownership or permissions on a bind-mounted volume via docker exec fails #587

Open
samling opened this Issue Oct 22, 2014 · 55 comments

samling commented Oct 22, 2014

I noticed this behavior yesterday when trying to bind-mount a local directory containing a webapp into my container so I could work on it without having to restart the container after every change. The app's framework is very particular about permissions, so I thought I'd try using docker exec to change them. The run command is something like:

docker run -v /Users/sboynton/project/webapp/:/app -t imagename

Then I ran the following to check permissions:

docker exec container_name ls -la /app

Which gives:

[...]
-rw-r--r--   1 1000 staff   174 Jun 26 22:24 build.properties
-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml
-rw-r--r--   1 1000 staff  1464 Jun 26 22:24 index.php
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 lib
drwxr-xr-x   1 1000 staff   102 Jun 26 22:24 plugins
[...]

The following command should work, and does on files created by e.g. "docker exec container_name touch file_name", but doesn't in this scenario:

docker exec container_name chown www-data:www-data /app/build.xml

Running ls -la /app/build.xml still returns:

-rw-r--r--   1 1000 staff 10347 Jun 26 22:24 build.xml

Some other things that have been tried are creating a new file in the container's /tmp directory and attempting the same ownership change (works), creating a new file via docker exec in /app and attempting the same (fails), and attempting to change ownership using uid/gid instead of names (e.g. 33:33) (fails). chown, chgrp and chmod all exhibit this same behavior.

If this is a Docker issue and not a boot2docker issue, please let me know and I'll take the issue over there. However, users who tried the above from a Linux Docker host instead of through boot2docker were able to successfully modify permissions/ownership, which leads me to believe this is an issue with boot2docker.

Contributor

SvenDowideit commented Oct 23, 2014

This is a duplicate of #581 (I'm not closing to make it easier for people to find).

SvenDowideit added this to the 1.3.1 milestone Oct 23, 2014

mnapoli commented Oct 23, 2014

+1 been pulling my hair all day on this.

tianon modified the milestone: 1.3.1 Oct 23, 2014

crucialfelix Nov 18, 2014

To add to this, not only do chown/chmod not have any effect from inside the container, they also do not have any effect from the boot2docker VM shell. So it's natural that the container has no ability to modify, since the host (boot2docker VM) cannot modify the files on the real host (OS X).

I guess this is a read-only mount?

Permissions show the files as owned by docker:

docker@boot2docker:/Users/crucial/shared/postgres$ ls -la
-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

But can't touch this:

# no error message, but does not actually touch the file
docker@boot2docker:/Users/crucial/shared/postgres$ touch /Users/crucial/shared/postgres/postgresql.conf
# sudo make me a sandwich
docker@boot2docker:/Users/crucial/shared/postgres$ sudo touch postgresql.conf

Still untouched:

-rwxr-xr-x    1 docker   staff        19130 Nov  3  2013 postgresql.conf

cat throws an error:

cat "# added a line" >> /Users/crucial/shared/postgres/postgresql.conf
-sh: can't create /Users/crucial/shared/postgres/postgresql.conf: Operation not permitted

chown and chmod of course do not work, although I'm doing this on a large postgres data directory and it does take a while to run. So it is doing work, but there is no change.

Contributor

paolomainardi commented Dec 4, 2014

Same issue here: shared local volumes from OS X to containers are unable to handle permissions properly, which makes boot2docker unusable for local dev environments. I've also tried to work just with data containers, but exporting them with NFS/Samba is a performance nightmare; a simple 'git status' takes seconds.

Contributor

paolomainardi commented Dec 14, 2014

My temporary solution is to use NFS shared folders instead of vboxfs, as vagrant does.

From osx "/etc/exports":
/Users -mapall=[youruser]:[yourgroup] [boot2dockerip]

From boot2docker umount/remount /Users using NFS:

sudo umount /Users
sudo /usr/local/etc/init.d/nfs-client start
sudo mount 192.168.59.3:/Users /Users -o rw,async,noatime,rsize=32768,wsize=32768,proto=tcp
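
One way to confirm what is reported in this thread, as an added example that is not part of the original issue or the boot2docker project: look up which filesystem backs the bind-mount source and re-read the owner after `chown` instead of trusting it. It assumes GNU or BusyBox `stat -c`; the mount table is a constructed sample, the function names are hypothetical, and `vboxsf` is the type VirtualBox shared folders show in `/proc/mounts`.

```shell
#!/bin/sh
# Added example (not from the issue): find the filesystem behind a bind-mount
# source and verify that a chown really changed the owner.

# Constructed sample of /proc/mounts from a boot2docker-style VM (assumption).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
tmpfs / tmpfs rw,relatime 0 0
/dev/sda1 /mnt/sda1 ext4 rw,relatime 0 0
none /Users vboxsf rw,nodev,relatime 0 0'

# fstype_for_path PATH [MOUNTS_FILE]   (PATH must be absolute)
# Prints the type of the longest mount point that is a prefix of PATH.
# Later lines win on ties, because later mounts shadow earlier ones.
# Limitation: mount points with spaces (\040 in /proc/mounts) are not decoded.
fstype_for_path() {
    awk -v p="$1" '
        BEGIN { best_len = 0; best = "" }
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best_len) { best_len = length(mp); best = $3 }
            }
        }
        END { if (best == "") exit 1; print best }
    ' "${2:-/proc/mounts}"
}

# owner_is PATH UID GID: succeeds only if PATH is owned by exactly UID:GID.
owner_is() {
    actual=$(stat -c '%u:%g' "$1") || return 2
    [ "$actual" = "$2:$3" ]
}

# chown_verified UID GID PATH [MOUNTS_FILE]
# Runs chown, then re-reads the owner; reports the backing filesystem when
# the change did not stick (the symptom described in this issue).
chown_verified() {
    chown "$1:$2" "$3" 2>/dev/null || true
    if owner_is "$3" "$1" "$2"; then
        return 0
    fi
    fs=$(fstype_for_path "$3" "${4:-/proc/mounts}") || fs=unknown
    echo "chown $1:$2 $3 had no effect (filesystem: $fs)" >&2
    return 1
}
```

After the NFS remount described above, `fstype_for_path /Users` run in the VM should report an NFS type rather than `vboxsf`.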

Contributor

SvenDowideit commented Dec 15, 2014

@paolomainardi yup, that was one of the solutions we should explore.

chiefy commented Feb 5, 2015

@paolomainardi thanks for that tip - helped me out big time!

mikeys commented Feb 9, 2015

@paolomainardi Maybe I'm doing something wrong: I can't run unmount from within the boot2docker virtual machine...

Contributor

paolomainardi commented Feb 9, 2015

@mikeys let me see the error log output

mikeys commented Feb 9, 2015

My bad, it's umount not unmount. Thanks!

mikeys commented Feb 9, 2015

@paolomainardi I'm facing something really odd: the data is persisted, but for some reason I can't see any files in the volumes I've mounted... both in the host and from inside the container...

Contributor

paolomainardi commented Feb 9, 2015

@mikeys are you using fig ?

mikeys commented Feb 9, 2015

@paolomainardi Yes I am

Contributor

paolomainardi commented Feb 9, 2015

@mikeys sometimes it happens, I really don't know why. If you don't have anything important, try to docker rm -f `docker ps -a -q` and start them from scratch.

mikeys commented Feb 9, 2015

@paolomainardi Wow... the entire eco-system is shaky lol. Thanks, that actually worked but all those workarounds feel very unstable 😞 .

Contributor

paolomainardi commented Feb 9, 2015

@mikeys i agree, maybe with docker-compose things will change :)

sheetweaver Mar 31, 2015

hmm... so I got the same problem with docker-compose that mikeys got with fig. I guess changing the name didn't fix the bug after all. :) ... is this a "known issue" (with a bug report somewhere)?

ataraxus Apr 30, 2015

Stumbled into this issue right now. Really annoying.

IBMRob commented May 5, 2015

I've been also hitting this issue similar to this trying to run the ibmimages/mqadvanced image on a Mac running boot2docker within VirtualBox. If you point to a local filesystem within the boot2docker image it works fine but if you try and use a mounted folder such as /Users on a mac it fails to change the permissions of the mounted files thus resulting in the container failing.
Would be great to get this working.

nicbarker May 16, 2015

+1 just ran into this issue.

firelife May 20, 2015

+1 postgresql with boot2docker on mac

alefi87 commented Jun 1, 2015

+1

chouclee commented Jun 5, 2015

+1 permission denied

ayeo commented Jun 7, 2015

+1

jaco commented Jun 11, 2015

+1

@nicekiwi

+1

ierceg commented Jun 22, 2015

+1

@johnykov

+1

ayeo commented Jun 24, 2015

To grant permissions to www-data (Apache2, PHP) you can use:

RUN usermod -u 1000 www-data 

ierceg commented Jun 24, 2015

@ayeo this works - thanks! Though I had to restart the service.

dansoton Jun 30, 2015

+1 rabbitmq volume-binding ssl keys from host not accessible to rabbitmq server since it runs under rabbitmq user.

otobrglez Aug 20, 2015

@ayeo You are my hero of the day. 👍 Cheers!

asheshambasta Sep 4, 2015

+1 same issue. Docker is completely useless for us because of this.
After all this fuss about docker, I pitched docker to my dev. team as an option to optimise our deployments and right after the install, we run into really basic issues like these. 👎 Seriously.

@bryanallen

+1

mnapoli commented Sep 23, 2015

@asheshambasta I use Dinghy, just install it instead of boot2docker and it just works ® (at least it does for me).

kcrawley commented Oct 1, 2015

@ayeo can confirm that this hack works with php-fpm as well. thank you.

👍 to fix, plz.

jaryroxas Oct 25, 2015

+1

RUN usermod -u 1000 www-data

@ayeo this works

Server4001 Oct 28, 2015

+1

As @ayeo mentioned, "usermod -u 1000 www-data" does work

@ndelitski

+1

ghost commented Nov 2, 2015

+1

marymissmary pushed a commit to marymissmary/crossfit_workouts that referenced this issue Nov 2, 2015

hack to allow chown on mounted volume
I was having problems with the permissions on the mounted volume for the
actual elasticsearch data. So I used the usermod hack.
boot2docker/boot2docker#587

minskmaz commented Nov 4, 2015

+1. this is a serious issue.

rossedman Nov 5, 2015

+1. I have encountered this problem on Vagrant before as well. Shared files are always the issue. Would love to see this fixed.

minskmaz commented Nov 5, 2015

I was able to get around this using --volumes-from some/data-only/container_id


@ducdebreme

+1

scribnar Nov 28, 2015

+1 Wasted many hours on this. Permission does not change if a folder is mounted as volume and when trying to change ownership inside container using chown

@ozlerhakan

+1

krasi-georgiev Dec 6, 2015

nfs sharing by default +1

bobintornado May 15, 2016

+1
running crazy against following error now on my coreos kubernetes cluster
chmod: changing permissions of ‘/var/lib/postgresql/data/pgdata’: Operation not permitted

jackmcpickle May 18, 2016

Everyone should try the new 'native' Docker for Mac/Windows, which is in beta now. Mounting files inside my app works fine now, so long as I change the permissions at runtime.

yongzhihuang Jul 14, 2016

+1

What exactly is staff? Like @ayeo said, it works when you change the user via:
usermod -u 1000 www-data, but this does not persist, would need to pass this as part of command in the container config (docker compose or dockerfile).

@jackmcpickle going to try the native docker for mac and test this out. Thanks!
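
The `usermod -u 1000 www-data` workaround discussed above, with the uid taken from the mounted directory at container start rather than fixed at build time, as an added example that is not code from this thread or from boot2docker. The function names, the `REMAP_APPLY` switch and the passwd sample are hypothetical or constructed; `/app`, `www-data` and uid 33 are the values used earlier on this page, and a Linux image with `usermod` and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): decide at container start whether the
# service account needs "usermod -u" to match the owner of a bind mount.

# Constructed passwd sample; www-data has uid 33 as in the original report.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
node:x:1001:1001::/home/node:/bin/sh'

# uid_of_user USER [PASSWD_FILE]: prints USER's uid, fails if USER is unknown.
uid_of_user() {
    awk -F: -v u="$1" '
        $1 == u { print $3; found = 1; exit }
        END { if (!found) exit 1 }
    ' "${2:-/etc/passwd}"
}

# remap_command USER WANT_UID [PASSWD_FILE]
# Prints the usermod command needed so USER has WANT_UID; prints nothing if
# it already does. Return codes: 2 bad uid, 3 unknown user, 4 uid 0 refused,
# 5 uid already belongs to another account.
remap_command() {
    case $2 in ''|*[!0-9]*) return 2 ;; esac
    have=$(uid_of_user "$1" "${3:-/etc/passwd}") || return 3
    if [ "$2" -eq 0 ]; then
        echo "refusing to give $1 uid 0 (mount is owned by root)" >&2
        return 4
    fi
    [ "$2" -eq "$have" ] && return 0
    taken=$(awk -F: -v id="$2" '$3 == id { print $1; exit }' "${3:-/etc/passwd}")
    if [ -n "$taken" ]; then
        echo "uid $2 already belongs to $taken; not remapping $1" >&2
        return 5
    fi
    echo "usermod -u $2 $1"
}

# Entrypoint use, only when REMAP_APPLY=1 (hypothetical switch) and running
# as root: align www-data with the owner of /app, then start the service.
if [ "${REMAP_APPLY:-0}" = 1 ]; then
    cmd=$(remap_command www-data "$(stat -c '%u' /app)") || exit 1
    [ -z "$cmd" ] || $cmd || exit 1
    exec "$@"
fi
```

`usermod -u` re-owns only the account's home directory and mail spool, so files elsewhere in the image that belonged to the old uid need a separate `chown`.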

jgendera added a commit to jgendera/docker-symfony that referenced this issue Jun 4, 2017

Fix sessions permission error
When using Docker toolbox, Symfony can't run because of permission errors. "Warning: SessionHandler::read(): Session data file is not created by your uid"
This line fixes the problem (based on boot2docker/boot2docker#587 (comment))

wglambert added the Issue label Jul 11, 2018
