New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to run 2.x.x due to permission errors. v1.3.7 is fine. #312
Comments
Can somebody with repo admin access move this to node-red/node-red-docker please. While that is happening, start the 1.3.7 container and then run the following:
This will show us what files and permissions the content of the Out of all the |
I have run the commands as suggested, as well as with the numeric uid and gid.
|
Nothing looks strange there (apart from the There is nothing in change between Docker 1.3.x and 2.x.x that should change the permissions. It's trying to rewrite the |
Had the same problem. Did a |
Careful with |
I get this error installing 3.0.2-18 on QNAP, same error with and without mapping external volumes node:internal/fs/utils:348
throw err;
^
Error: EPERM: operation not permitted, copyfile '/usr/src/node-red/node_modules/node-red/settings.js' -> '/data/settings.js'
at Object.copyFileSync (node:fs:2866:3)
at copyFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:73:6)
at onFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:59:25)
at getStats (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:51:44)
at handleFilterAndCopy (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:36:10)
at Object.copySync (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:29:10)
at Object.<anonymous> (/usr/src/node-red/node_modules/node-red/red.js:129:20)
at Module._compile (node:internal/modules/cjs/loader:1120:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1174:10)
at Module.load (node:internal/modules/cjs/loader:998:32) {
errno: -1,
syscall: 'copyfile',
code: 'EPERM',
path: '/usr/src/node-red/node_modules/node-red/settings.js',
dest: '/data/settings.js'
}
Node.js v18.7.0 |
@dcolley please supply the full Are you sure you haven't changed the effective uid? With no volumes mounted |
On QNAP, the admin user has # id $USER
uid=0(admin) gid=0(administrators) groups=0(administrators),100(everyone) # cat /etc/passwd
admin:x:0:0:administrator:/share/homes/admin:/bin/sh
guest:x:65534:65534:guest:/tmp:/bin/sh
httpdusr:x:99:0:Apache httpd user:/tmp:/bin/sh
[sshd]:x:110:65534:SSHD Privilege Separation:/var/empty:/bin/sh
derek:x:1000:100:Linux User,derek@...,,:/share/homes/derek:/bin/sh # cat /etc/group
administrators:x:0:admin,derek
everyone:x:100:admin,derek
... produces the error above. Also, running it without -v has the same result Edit: |
Without a volume that should just work (and does when run here on my Ubuntu and Fedora machines) With a volume then you need to ensure that any directly mounted directories are writable by UID 1000, but for a bare local docker volume it should just work. (Though volumes backed by NFS still show up as local as well) The Node-RED process runs as UID 1000 and as I said has permission to write to |
Sure, on Ubuntu (where users 1000 and root exist) it just works. On QNAP it doesn't work out of the box. I managed to get it working, but it's along process. The process:
Documented here for the record: Shell 1 Create a nodejs containerI'm using port 1881 temporarily. I need a working installation so I can port over my old flows currently running on 1880
# inside container
Shell 2Copy some files into the running container
Shell 1 (inside the container)
After this you will have a working container with correct files/structure in /data and /usr/src/node-red Shell 1 (inside the container)
Create the node-red containerlink the container to your
When I have copied over my existing flows (not on a -v mount...), I'll delete the instance on 1880 and recreate this instance on 1880 |
Well I spoke too soon... the method above does not survive a restart...
|
The users shouldn't need to exist on the host OS at all (especially when not mounting a volume). Every thing is just handled by numeric IDs and totally inside the container. Unless the qnap docker instance is doing something strange |
Try running the following on the qnap console (not in the container)
|
Most possibly... it's an older version of docker.
I appreciate your help, but this is still not working... setfacl made no difference. |
I'm stumped for now, without a QNAP box to play with and poke at the logs I'm not sure what to suggest. |
I had the same issues too on my QNAP (QTS 5.0.1.2034) but the following seemed to have worked: docker-compose.yml docker-compose up -d Note: I did have an existing user with uid 1000 but there wasn't an existing group with gid 1000 |
You do not need named groups/users with the same numerical id on the host platform, the names are just a way to give a label for humans to understand, you can always use chmod/chown with numerical ids. |
Edited: I really didn't think you would need to chown the folder on the host system (because it fails even when not specifying a volume). |
On QNAP I managed to get the container started with docker run -it -d \
-p 1880:1880 \
-v /share/Containers/node-red/3.0.2/data:/data \
--privileged \
--name node-red-3.0.2-18 nodered/node-red:3.0.2-18 The container survives a restart so, even though I don't think this is ideal, I'm moving on... |
Current Behavior
What has changed between 1.3.7 and 2.x.x regarding permissions to write to the /data volume?
Running any 2.x.x nodred version in my docker fails with the error:
Error: EPERM: operation not permitted, copyfile '/data/.config.nodes.json' -> '/data/.config.nodes.json.backup'
However, running 1.3.7 has no issues.
I have read and followed every article I can find, including:
https://nodered.org/docs/getting-started/docker#managing-user-data
https://github.com/node-red/node-red-docker/wiki/Permissions-and-Persistence
Where mounting an external folder as the data volume, I have ensured it's owner and group is 1000:1000
I have tried numerous variations on the startup commands in the documentation.
Expected Behavior
The server will run as expected.
Steps To Reproduce
Try to spin up any nodered 2.x.x version and it fails..
Try the same for v1.3.7 and it is successful.
Example flow
No response
Environment
The text was updated successfully, but these errors were encountered: