
ZINC_DATA_PATH is not writable #512

Closed
jwillmer opened this issue Sep 6, 2022 · 8 comments · Fixed by #516

@jwillmer

jwillmer commented Sep 6, 2022

What were you trying to achieve?
Running the docker image

What action did you take?
Running stock example with mapped volume path returns error. Same is true if I don't specify any volume mount.

docker run -v /root/docker/zincsearch:/data -e DATA_PATH="/data" -p 4080:4080 \
    -e ZINC_FIRST_ADMIN_USER=admin -e ZINC_FIRST_ADMIN_PASSWORD=Complexpass#123 \
    --name zinc public.ecr.aws/h9e2j3o7/zinc:latest

What action/response/output did you expect?
Running app

What actually happened?

{"level":"debug","time":"2022-09-06T14:44:50Z","message":"open .env: no such file or directory"}
{"level":"fatal","error":"mkdir data/_test_: permission denied","time":"2022-09-06T14:44:50Z","message":"ZINC_DATA_PATH is not writable"}

How to reproduce the issue?
Just start it

What version of ZincSearch are you using?
I tried with latest and 0.3.1

Anything else that you can tell that will help us diagnose and resolve the issue efficiently?
I am running an Ubuntu server.

@prabhatsharma
Collaborator

can you try:

chmod a+rwx /root/docker/zincsearch

@tymonx
Contributor

tymonx commented Sep 6, 2022

This is caused by a user:group mismatch between the directory on the host machine, /root/docker/zincsearch, which I assume is root:root, and the container user, which is set to appuser:appuser in the Zinc Dockerfile; a directory newly created with the mkdir command on the host machine has write permission disabled for others.

To solve this, overwrite the Zinc image user with the --user root Docker run argument:

docker run --user root -v /root/docker/zincsearch:/data -e DATA_PATH="/data" -p 4080:4080 \
    -e ZINC_FIRST_ADMIN_USER=admin -e ZINC_FIRST_ADMIN_PASSWORD=Complexpass#123 \
    --name zinc public.ecr.aws/h9e2j3o7/zinc:latest

If you are also planning to use Zinc in Docker Compose or Docker Swarm, use the user: root directive. It also works for named volumes. For volumes with a host path as source (--volume <host-path>:<container-path>) on an OS with SELinux, add :rw,z at the end of the volume option: --volume <host-path>:<container-path>:rw,z.

@jwillmer
Author

jwillmer commented Sep 7, 2022

Ok, great, thank you for the workaround. But I think you should fix this. You can't use a user without root and then break the deployment / require workarounds for it. I uploaded a gist on how we prevent this from happening in our images. Please have a look and see if it is any use for you: Create image without root user and folder access

@tymonx
Contributor

tymonx commented Sep 7, 2022

I agree with @jwillmer (sorry, but I'm not a Zinc contributor, only a humble Zinc user).

The Zinc team should create and add a default directory owned by appuser:appuser and set the DATA_PATH environment variable to this value by default in their Dockerfile. This should work with host source and also named volumes out of the box.

@hengfeiyang
Contributor

@jwillmer I saw the link. If you don't mount a directory, it can work. But if you mount an outside directory, there is nothing we can do in the container except use the root user for zinc.

You can run zinc without mounting a directory; then there is no need to create a directory and give it permission:

docker run  -p 4080:4080 -e ZINC_FIRST_ADMIN_USER=admin -e ZINC_FIRST_ADMIN_PASSWORD=Complexpass#123  --name zinc public.ecr.aws/zinclabs/zinc:latest

@jwillmer
Author

jwillmer commented Sep 7, 2022

As I said, even this does not work

[image]

@hengfeiyang
Contributor

@jwillmer, thanks, I will fix it.

tymonx added a commit to tymonx/zinc that referenced this issue Sep 7, 2022
It fixes zincsearch#512

Changed user and group to zinc:zinc to match general convention used in
other services like rabbitmq, mysql, etc.

Added default ZINC_DATA_PATH=/var/lib/zinc. It follows Linux filesystem
hierarchy convention:

https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/var.html

@tymonx
Contributor

tymonx commented Sep 7, 2022

@hengfeiyang I have created a proper Pull Request that will fix this #516

docker volume create zinc

docker run -v zinc:/var/lib/zinc -p 4080:4080 \
    -e ZINC_FIRST_ADMIN_USER=admin -e ZINC_FIRST_ADMIN_PASSWORD=Complexpass#123 \
    --name zinc zinc

I can also create a Pull Request for the Zinc documentation to encourage people to use named volumes rather than host source paths.

If someone really wants to use a host source path (I discourage it):

mkdir -p zinc
chmod a+w zinc

docker run -v "$(pwd)/zinc:/var/lib/zinc" -p 4080:4080 \
    -e ZINC_FIRST_ADMIN_USER=admin -e ZINC_FIRST_ADMIN_PASSWORD=Complexpass#123 \
    --name zinc zinc

I would not recommend adding 0777 permissions in the Dockerfile. It will only unnecessarily expose Zinc data.
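
The ownership mismatch described in this thread, and the difference between `--user root`, `chmod a+w` and giving the directory to the container user, can be checked on the host before the container starts. The script below is an added example, not part of the thread or of Zinc's code; UID/GID 10001 is a constructed stand-in for the image's non-root user, and ACLs, SELinux labels, user namespaces and supplementary groups are not modelled.

```shell
#!/bin/sh
# Added example, not from the Zinc project. UID/GID 10001 is a constructed
# stand-in for the image's non-root user; substitute the real values.

# perm_bits OWNER GROUP MODE UID GID
# Prints the rwx bits (0-7) applied to UID:GID. Exactly one class is used:
# owner if the UID matches, else group if the GID matches, else other.
perm_bits() {
    m=$(( 0$3 ))                        # stat prints the mode in octal
    if [ "$4" -eq "$1" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$5" -eq "$2" ]; then echo $(( (m >> 3) & 7 ))
    else echo $(( m & 7 ))
    fi
}

# classify OWNER GROUP MODE UID GID -> root-bypass | denied | world-writable | ok
classify() {
    # uid 0 with default capabilities skips these checks, which is why
    # --user root makes the error go away.
    if [ "$4" -eq 0 ]; then echo root-bypass; return 0; fi
    bits=$(perm_bits "$@")
    # Creating an entry in a directory needs write (2) and search (1).
    if [ $(( bits & 3 )) -ne 3 ]; then echo denied
    elif [ $(( 0$3 & 2 )) -ne 0 ]; then echo world-writable   # chmod a+w, 0777
    else echo ok
    fi
}

# classify_dir DIR UID GID: same verdict for a real directory (needs stat -c).
classify_dir() {
    st=$(stat -c '%u %g %a' "$1") || return 2
    set -- $st "$2" "$3"                # intentional split: owner group mode
    classify "$@"
}

# Demo: the thread's scenarios, using constructed owner/mode values.
demo() {
    echo "root:root 0755, container 10001:   $(classify 0 0 755 10001 10001)"
    echo "root:root 0777, container 10001:   $(classify 0 0 777 10001 10001)"
    echo "10001:10001 0750, container 10001: $(classify 10001 10001 750 10001 10001)"
    echo "root:root 0755, --user root:       $(classify 0 0 755 0 0)"
}
demo
```

To check an existing bind-mount source, call `classify_dir <host-path> <uid> <gid>` with the UID and GID the image runs as.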

hengfeiyang pushed a commit that referenced this issue Sep 8, 2022
* Add persistent location with proper permissions

It fixes #512

Changed user and group to zinc:zinc to match general convention used in
other services like rabbitmq, mysql, etc.

Added default ZINC_DATA_PATH=/var/lib/zinc. It follows Linux filesystem
hierarchy convention:

https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/var.html

* Change default Zinc data to /data

* Add persistent directory in other Dockerfiles