Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: EACCES: permission denied on running the command docker-compose up #1

Closed
parthsharma1996 opened this issue May 22, 2018 · 10 comments
Closed

Error: EACCES: permission denied on running the command docker-compose up #1

parthsharma1996 opened this issue May 22, 2018 · 10 comments

Comments

@parthsharma1996
Copy link

I am stuck in the docker-compose up command, which is throwing the following error:-

Starting node-red-tutorials_node-red_1 ... done
Attaching to node-red-tutorials_node-red_1
node-red_1  | npm info it worked if it ends with ok
node-red_1  | npm info using npm@3.10.10
node-red_1  | npm info using node@v6.11.1
node-red_1  | npm info lifecycle node-red-docker@1.0.0~prestart: node-red-docker@1.0.0
node-red_1  | npm info lifecycle node-red-docker@1.0.0~start: node-red-docker@1.0.0
node-red_1  | 
node-red_1  | > node-red-docker@1.0.0 start /usr/src/node-red
node-red_1  | > node $NODE_OPTIONS node_modules/node-red/red.js -v $FLOWS "--userDir" "/data"
node-red_1  | 
node-red_1  | 22 May 12:43:49 - [error] Failed to start server:
node-red_1  | 22 May 12:43:49 - [error] Error: EACCES: permission denied, mkdir '/data/lib'
node-red_1  |     at Error (native)
node-red_1  | npm info lifecycle node-red-docker@1.0.0~poststart: node-red-docker@1.0.0
node-red_1  | npm info ok 
node-red-tutorials_node-red_1 exited with code 0

I googled for this, and reinstalled node with nvm(which is the standard solution for the EACCES error. However, the error is still unresolved.

Can someone point me to a relevant direction on how to resolve this?
@milutz
Copy link

milutz commented May 22, 2018
edited
Loading

@parthsharma1996 That error is saying that the permissions on the data directory data/ aren't allowing the app to make a directory in there.

Which operating system are you on? If a unix/linux what is the ls -la data?

FYI: given this is docker, we baked node/nvm into the image itself (to try and make things easier), so reinstalling it locally won't have any effect on the tutorial docker

@parthsharma1996
Copy link
Author

@parthsharma1996 That error is saying that the permissions on the data directory data/ aren't allowing the app to make a directory in there.

Yes. I am not able to figure out why that is happening, because(maybe I'm mistaken) it seems that I have the required permissions.

Here is the output of ls -la data

(rasa_env) ❯ ls -la data
total 52
drwxr-xr-x 2 parth users  4096 May 22 17:08 .
drwxr-xr-x 4 parth users  4096 May 22 17:08 ..
-rw-r--r-- 1 parth users 16917 May 22 17:08 .config.json
-rw-r--r-- 1 parth users  4843 May 22 17:08 flows.json
-rw-r--r-- 1 parth users   193 May 22 17:08 package.json
-rw-r--r-- 1 parth users 10500 May 22 17:08 settings.js

FYI: given this is docker, we baked node/nvm into the image itself (to try and make things easier), so reinstalling it locally won't have any effect on the tutorial docker

Thanks for letting me know. Didn't know that.

@milutz
Copy link

milutz commented May 23, 2018

@parthsharma1996 Hmm ok...

(given that I get fuzzy on the specific rules for UID translation on docker) could you open the permissions wide-open on the data directory (chmod -R a+rw data) , re-run node-red docker (which hopefully will then work) and give me a new ls -la data.

I suspect that the docker container is accessing your directory as a non-root user thats not yours (but there could be other problems as well, so this will help sort out which problem we are dealing with)

Also could you confirm your specific OS (if linux which distro/version)?

@parthsharma1996
Copy link
Author

parthsharma1996 commented May 23, 2018
edited
Loading

Running chmod -R a+rw data does indeed work. It's running now.

Here is the new output of ls -la data

(rasa_env) ❯ ls -la data
total 56
drwxrwxrwx 3 parth users  4096 May 23 20:15 .
drwxr-xr-x 4 parth users  4096 May 22 17:08 ..
-rw-rw-rw- 1 parth users 16798 May 23 20:15 .config.json
-rw-rw-rw- 1 parth users  4843 May 22 17:08 flows.json
drwxr-xr-x 3 play  play   4096 May 23 20:15 lib
-rw-rw-rw- 1 parth users   193 May 22 17:08 package.json
-rw-rw-rw- 1 parth users 10500 May 22 17:08 settings.js

I suspect that the docker container is accessing your directory as a non-root user thats not yours (but there could be other problems as well, so this will help sort out which problem we are dealing with)

I am not sure I understand this. Can you please elaborate? Sorry I am inexperienced with docker.

I am running Arch Linux.

Linux hal9000 4.12.8-2-ARCH #1 SMP PREEMPT Fri Aug 18 14:08:02 UTC 2017 x86_64 GNU/Linux

P.S What is baffling is that I am able to run docker-compose up in the rasa-tutorials with no problem. The permissions for the data folder are as follows:

(rasa_env) ❯ ls -la data
total 68
drwxr-xr-x 3 parth users  4096 May 23 20:09 .
drwxr-xr-x 6 parth users  4096 May 23 20:09 ..
-rw-r--r-- 1 parth users 16798 May 22 18:55 .config.json
-rw-r--r-- 1 parth users 15282 May 22 18:55 flows.json
-rw-r--r-- 1 parth users    56 May 22 18:55 .gitignore
drwxr-xr-x 3 parth auth   4096 May 23 20:09 lib
-rw-r--r-- 1 parth users    99 May 22 18:55 package.json
-rw-r--r-- 1 parth users 10500 May 22 18:55 settings.js

They look the same as the permissions before in node-red-tutorials

@milutz
Copy link

milutz commented May 23, 2018
edited
Loading

@parthsharma1996 said:
I am not sure I understand this. Can you please elaborate? Sorry I am inexperienced with docker.

Docker is a kinda strange beast - Let me try explain, but let me know if the description doesn't make sense.

Docker (AKA containers) are kinda-like mini virtual machines.

This means that Docker images contain all their own libraries, and run processes under there own users/UIDs (the real way to say this is that containers virtualize user-space).

They are different then normal virtual machines in that they share the kernel (so they are much smaller then real VMs) and that (if configured to) they can share the host filesystem (literally mounting host directories in the container, for the docker process to operate on them.

A side effect of this is that the user/UID that the process runs in the container - in the virtual environment - will be the UID it attempts to write onto the host filesystem via. (I just looked it up - in our container we have a "node-red" user that is UID 1001)

So if you do a ls -n data it should show you the UID that the files were written with - that is the UID that our node-red docker is using internally (so I'm expecting you'll see 1001).

Docker definitely has some tools to clean up this UID mapping stuff, and on the Mac version of Docker it just magically maps everything to the user that ran docker.

I'll have research those tools and see if we can make it easier for people running natively on linux

That explain it?

@parthsharma1996
Copy link
Author

parthsharma1996 commented May 24, 2018
edited
Loading

Thanks! That was a perfect explanation. It's rare to find people here who are willing to explain things in such a comprehensive manner.

Interestingly enough the uid I see is 1000 not 1001. Here's the output

(rasa_env) ❯ ls -n data
total 24
-rw-r--r-- 1 1000 100  4843 May 24 17:26 flows.json
-rw-r--r-- 1 1000 100   193 May 24 17:26 package.json
-rw-r--r-- 1 1000 100 10500 May 24 17:26 settings.js

Running chown -R 1001 data does the trick. Though I am not sure why should that be required ideally.

@milutz
Copy link

milutz commented May 24, 2018

Hmm ok, I'm going to have to read some docs. I know uid 1000 is the default but I though the container UID took precedence. I’ll read a bit and update today.

@parthsharma1996 given that your up and running (or let me know if you are aren't!) are you good with me closing this issue?

@milutz
Copy link

milutz commented May 25, 2018

@parthsharma1996 said:

Interestingly enough the uid I see is 1000 not 1001. Here's the output

I just realized when I re-read your ls that it doesn't show the files created when the docker runs (the lib directory) - so I think that would show UID 1001 in the original example, where you ls shows the user "play".

You do have me a bit stumped with your comment of:

P.S What is baffling is that I am able to run docker-compose up in the rasa-tutorials with no problem.

I'll have to dig through that to see if something forces the UID to remap.
I'm also a bit unsure what magic happens on the Mac that avoids this problem in the first place.

Anyway - Good with me closing the issue?

@parthsharma1996
Copy link
Author

P.S What is baffling is that I am able to run docker-compose up in the rasa-tutorials with no problem.

I'll have to dig through that to see if something forces the UID to remap.
I'm also a bit unsure what magic happens on the Mac that avoids this problem in the first place.

I still don't understand why that is happening. Though I am able to run the tutorial now, and closing the issue should be okay.

@wrathagom
Copy link
Contributor

There's a UID mis-match between the user running in the container and your user id. You can see when I use this same container in my Rasa Tutorial repo I explicility set user:1000 to fix this problem. https://github.com/samtecspg/rasa-tutorials/blob/master/docker-compose.yml#L12

@milutz milutz closed this as completed Jun 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wrathagom @milutz @parthsharma1996