Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running with Docker/Podman: Permission Denied #140

Closed
jeschkies opened this issue Jul 14, 2021 · 7 comments · Fixed by #179
Closed

Running with Docker/Podman: Permission Denied #140

jeschkies opened this issue Jul 14, 2021 · 7 comments · Fixed by #179

Comments

@jeschkies
Copy link

When I run the Docker image with Docker or Podman I get the following error

› podman run -it -v "$(pwd)":/data:z minlag/mermaid-cli -i /data/diagram.mmd
node:fs:582
  handleErrorFromBinding(ctx);
  ^

Error: EACCES: permission denied, open '/data/diagram.mmd.svg'
    at Object.openSync (node:fs:582:3)
    at Object.writeFileSync (node:fs:2143:35)
    at /home/mermaidcli/node_modules/@mermaid-js/mermaid-cli/index.bundle.js:169:10
    at Generator.next (<anonymous>)
    at step (/home/mermaidcli/node_modules/@mermaid-js/mermaid-cli/index.bundle.js:4:191)
    at /home/mermaidcli/node_modules/@mermaid-js/mermaid-cli/index.bundle.js:4:361
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/data/diagram.mmd.svg'
}

How can I run the CLI without root?
@jeschkies
Copy link
Author

It works if the user is switched to root podman run -it -v "$(pwd)":/data:z -u root minlag/mermaid-cli -i /data/diagram.mmd.

@MindaugasLaganeckas
Copy link
Member

I have switched from root to mermaidcli in docker images. But I did not see any problem when running the tests:

mermaid-cli/run-tests.sh

Line 8 in 194060f

for i in $(ls $INPUT_DATA/*.mmd); do docker run -v $(pwd):/data $IMAGETAG -i /data/$i -o /data/$i.png -w 800; done

Can you try to map data to /home/mermaidcli/data instead and see if that works without specifying root in the cli?

@jeschkies
Copy link
Author

Thanks for the reply. I get the same issues. What OS are you using?

@MindaugasLaganeckas
Copy link
Member

I am using ubuntu in my tests:

mermaid-cli/.github/workflows/compile-mermaid.yml

Line 5 in 194060f

runs-on: ubuntu-latest

@fconil
Copy link

fconil commented Oct 1, 2021

Had the same issue with docker on Ubuntu, solved using docker -u option with my uid

docker run -u <user_uid> -it --rm -v "$(pwd)":data minlag/mermaid-cli -i /data/diagram.mmd

@chebro
Copy link

chebro commented Oct 3, 2021

@MindaugasLaganeckas i could replicate the issue on ubuntu, docker uses the host file permissions when using bind mounts so the (host) data directory doesn't provide write access to the docker (mermaidcli) user.

i see two possible solutions to this (without modifying the dockerfile),

  1. pass -u $UID at runtime. (as suggested by @fconil )
  2. modify the permissions for the data directory to 777 that way user groups outside of the host user can have write access to it (but this is a security risk).

@MindaugasLaganeckas
Copy link
Member

I will update the Known issues in README and close this issue. Please, reopen if you disagree.

@MindaugasLaganeckas MindaugasLaganeckas mentioned this issue Oct 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature/docker permission denied mermaid-js/mermaid-cli
4 participants
@fconil @jeschkies @MindaugasLaganeckas @chebro