Skip to content
This repository has been archived by the owner on Oct 19, 2022. It is now read-only.

docker vieux/sshfs permission denied #44

Closed
dodoao opened this issue Dec 27, 2017 · 3 comments
Closed

docker vieux/sshfs permission denied #44

dodoao opened this issue Dec 27, 2017 · 3 comments

Comments

@dodoao
Copy link

dodoao commented Dec 27, 2017

  1. I use vieux/sshfs to create a volume
docker plugin install --grant-all-permissions vieux/sshfs
docker volume create  -d vieux/sshfs   -o sshcmd=usfo@192.168.1.1:/swarm-study/web/data  -o password='123' sshvolume
  1. I create a user on container :usfo


    Dockerfile:
FROM debian
COPY sources.list /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y apache2
RUN apt-get install -y php7.0 php7.0-mysql
COPY apache2.conf /etc/apache2/apache2.conf

RUN groupadd -g 1000 usfo
RUN useradd  -u 1000 -g 1000 usfo

COPY index.php /var/www/html/index.php
RUN mkdir /autorun
COPY autorun.sh /autorun/autorun.sh
RUN chmod 755 /autorun/autorun.sh
RUN mkdir /html-data
CMD ./autorun/autorun.sh
  1. and use usfo users run apache


    apache2.conf:
User usfo
Group usfo
  1. use this command run container
docker run -itd -p 80:80 --mount type=volume,source=sshvolume,destination=/swarm-data debian2
  1. and I'm having trouble , only root users can access , usfo users can't not
root@e3ca660f3a8d:/# su root
root@e3ca660f3a8d:/# ls -l /swarm-data
total 8
-rw-r--r-- 1 usfo usfo 1136 Dec 26 02:37 Desktop.rar
-rw-r--r-- 1 usfo usfo    7 Dec 26 02:18 a.txt

root@e3ca660f3a8d:/# ls -l / | grep swarm-data
drwxr-x---   1 usfo usfo 4096 Dec 26 02:37 swarm-data

root@e3ca660f3a8d:/# su usfo
$ ls -l / |grep swarm-data
ls: cannot access '/swarm-data': Permission denied
d?????????   ? ?    ?       ?            ? swarm-data
  1. Try not using vieux / sshfs , Is work! , But i have to use vieux/sshfs !!
docker run -itd -p 80:80 -v  /swarm-study/web/data:/swarm-data debian2

root@d678cdb273c8:/# su usfo
$ ls -l / | grep swarm-data
drwxr-x---   2 usfo usfo 4096 Dec 26 10:54 swarm-data

docker Version: 17.09.1-ce

debian 9
@dodoao
Copy link
Author

dodoao commented Dec 27, 2017
edited
Loading

quote:#17
Thank @koenlek
It turns out that you need to use the -o allow_other option of sshfs.

docker volume create  -d vieux/sshfs   -o sshcmd=usfo@192.168.1.1:/swarm-study/web/data  -o allow_other -o password='123' sshvolume
root@f5132a8f4b84:/# su usfo
$ ls -l / | grep swarm-data
drwxr-x---   1 usfo usfo 4096 Dec 26 10:54 swarm-data

@vieux
Copy link
Owner

vieux commented Jan 3, 2018

@F1D so can I close this one ?

@dodoao dodoao closed this as completed Jan 7, 2018
@nutcr4cker
Copy link

Just another case of same behaviour can be selinux. check logs of selinux eventually you can allow this in selinux by:
setsebool -P virt_sandbox_use_fusefs 1

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vieux @nutcr4cker @dodoao