Running container as different user fails with permission denied error #182

Closed
irfadrazick opened this issue Aug 2, 2018 · 7 comments

@irfadrazick commented Aug 2, 2018

  • Version: coderaiser/cloudcmd:10.4.1
  • Node Version: v10.6.0
  • OS: Linux infosak 4.4.0-127-generic #153-Ubuntu SMP Sat May 19 10:58:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Browser name/version: Chrome/67
  • Used Command Line Parameters: docker run --name cloudcmd -u 10000 -p 8000:8000 -v /var/www:/var/www -v /var/log:/var/log coderaiser/cloudcmd:10.4.1
  • Changed Config: Using different user to run container

When I use a user other than the default root to launch a container, I am unable to get it started, as it tries to switch to the /root directory and gets permission denied.

docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "chdir to cwd (\"/root\") set in config.json failed: permission denied": unknown.

I have a use case where I allow access to a file which has sensitive information only to the web user www-data, where other users cannot view that file; hence it makes sense to run the container as a different user.

In the Dockerfile I see WORKDIR is changed to /root. Removing the line should fix this problem.

WORKDIR /root

Please kindly check and do the needful.

Thank you

@coderaiser (Owner) commented Aug 3, 2018

That is very strange. I cannot reproduce this. When I run

docker run --name cloudcmd -u 10000 -p 8000:8000 -v /var/www:/var/www -v /var/log:/var/log coderaiser/cloudcmd:10.4.1

Everything works well with docker v17.
What version of docker do you use?

@coderaiser coderaiser added the question label Aug 3, 2018

@coderaiser (Owner) commented Aug 6, 2018

Closed due to a long time of inactivity.

@coderaiser coderaiser closed this Aug 6, 2018

@irfadrazick (Author) commented Aug 10, 2018

Sorry for the delay, my docker version is 18.06.0-ce, build 0ffa825

@aaron-sua commented Sep 16, 2018

I am seeing this issue as well.
I typically start a container with a service user, let's say 'appuser'.
If I then try to docker exec -it -u root,
I get the above error.
If I change the working_dir to something root has direct access to, like /tmp,
it works fine.

@luisbrandao commented Nov 21, 2018

Me too, in many containers. ismaleiva90/weblogic12 and the official jenkins one are examples.
I can't get root in those containers.

@coderaiser coderaiser reopened this Nov 22, 2018
@coderaiser coderaiser added bug and removed question labels Nov 22, 2018
coderaiser pushed a commit that referenced this issue Nov 22, 2018

@coderaiser (Owner) commented Nov 22, 2018

The thing is, root is the default user in the docker images used by Cloud Commander, and WORKDIR was set to root as the home directory of the root user, as shown in the example:

docker run -t --rm -v ~:/root -v /:/mnt/fs -w=/root -p 8000:8000 coderaiser/cloudcmd

To have the ability to see home directory files straight after run.
Anyway, there is a workdir option that can be used to set any workdir you want.

@coderaiser (Owner) commented Nov 22, 2018

Fixed with d16e345 🔨. Landed in v11.8.2 🎉.

Does it work for you?
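
Added example, not part of the thread and not the project's code: the reported error is a chdir into the image's working directory being refused for the `-u` user, which means some component of that path is not searchable by that uid. The sketch applies the classic owner/group/other check along the path; `IMAGE_FS` and its modes and ids are a constructed model, and ACLs and capabilities are not modelled.

```python
import os
import stat

# Constructed model of the directories involved: path -> (mode, owner uid, group gid).
# The values are assumptions for illustration, not read from the cloudcmd image.
IMAGE_FS = {
    "/": (0o040755, 0, 0),
    "/root": (0o040700, 0, 0),       # home of root, private to root
    "/tmp": (0o041777, 0, 0),        # world-searchable
    "/var": (0o040755, 0, 0),
    "/var/www": (0o040750, 33, 33),  # constructed owner and group
}

def image_lookup(path):
    return IMAGE_FS[path]

def stat_lookup(path):
    """Same triple, read from the live filesystem."""
    st = os.stat(path)
    return st.st_mode, st.st_uid, st.st_gid

def has_search(mode, owner, group, uid, gids=()):
    """Classic Unix rule: exactly one permission class applies (owner, then group, then other)."""
    if uid == owner:
        return bool(mode & stat.S_IXUSR)
    if group in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocked(workdir, uid, gids=(), lookup=stat_lookup):
    """Return the first component of workdir that uid cannot traverse, or None."""
    current = "/"
    for part in [""] + [p for p in workdir.split("/") if p]:
        current = os.path.join(current, part)
        if not has_search(*lookup(current), uid, gids):
            return current
    return None

if __name__ == "__main__":
    for workdir, uid, gids in [("/root", 10000, ()), ("/tmp", 10000, ()),
                               ("/var/www", 10000, (33,)), ("/root", 0, ())]:
        blocked = first_blocked(workdir, uid, gids, image_lookup)
        print(f"uid={uid} workdir={workdir}: " + (f"blocked at {blocked}" if blocked else "ok"))
```

Calling `first_blocked` without a `lookup` argument runs the same check against the live filesystem, for instance inside an image's unpacked root.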
