Permission denied when running the executable it installed

[DannyBen]

Hi.

Running on Ubuntu 18, I get permission denied errors, not sure why.
Here is what I do and what I tested.

$ sudo whalebrew install dannyben/rush
Installed dannyben/rush to /usr/local/bin/rush

$ ls -la /usr/local/bin/rush
-rwxr-xr-x 1 root root 64 Apr 21 18:29 /usr/local/bin/rush

$ cat /usr/local/bin/rush
#!/usr/bin/env whalebrew
image: dannyben/rush
working_dir: /app

$ rush
bash: /usr/local/bin/rush: Permission denied

# and to verify the image is ok
$ docker run --rm -it dannyben/rush --version
0.5.8

I found a couple of duplicate issues, but they were closed and from 2017.

[tjamet]

Hi! sorry I missed this one.

can I ask you how is whalebrew /usr/local/bin/rush --version working?

[DannyBen]

Same thing. But when running sudo whalebrew, it works.

$ whalebrew /usr/local/bin/rush --version
bash: /usr/local/bin/rush: Permission denied

$ sudo whalebrew /usr/local/bin/rush --version
0.5.8

$ ls -l /usr/local/bin/{whale,rush}*
-rwxr-xr-x 1 root root       64 Oct 16 13:59 /usr/local/bin/rush
-rwxrwxrwx 1 root root 15958371 Oct 16 13:44 /usr/local/bin/whalebrew

Note that I am testing it with whalebrew 0.2.3, since 0.2.4 does not work.

[tjamet]

ok, I think I understand what is happening
When you run a package, whalebrew will, by default, add the -u $(id -u):$(id -g) fo files are mounted and executed as the standard user.
I am not familiar with rush at all but it looks like it does not support to be run as a different user than the one it is built for in the container.
For this, whalebrew has an option to keep the same user as in the image: LABEL io.whalebrew.config.keep_container_user 'true'
You can also edit your /usr/local/bin/rush and add the option keep_container_user: true in a new line.

in other words, your /usr/local/bin/rush should look like

#!/usr/bin/env whalebrew
image: dannyben/rush
working_dir: /app
keep_container_user: true

This will have the effect to disable the default option to keep the current user ID:

whalebrew/run/docker.go

Line 78 in 3158fcd

if !p.KeepContainerUser {

[DannyBen]

I don' understand - why are you modifying container users in the first place?
I thought the entire mandate of whalebrew was to provide alternative to

alias rush="docker run -it --rm dannyben/rush"

If it runs with "docker run..." it should run with whalebrew.

[tjamet]

The purpose of running as user is to solve the problem of writing to files.
The purpose of whalebrew is to provide a package manager

like Homebrew, but with Docker images

When you install any package on your system, later, when you run the command as any user, you expect the command to be run as your user. Here Whalebrew has, by default, the same behaviour.

A large proportion of the packages actually needs to access and write files on the filesystem, which, in case this flag is not set, issues like #40 or #11 . There are though, as you pointed, some packages for which the user ID they set is important. They are, from my experience, mostly packages that does not need to access the file system. For those, whalebrew has the keep_container_user flag described above.

[DannyBen]

Thanks. I am closing this.

For my needs, any of the below two approaches is probably more suitable:

alias rush="docker run -it --rm dannyben/rush"

or, to create a file /usr/local/bin/rush

#!/usr/bin/env bash
docker run -it --rm dannyben/rush