docker-lamp icon indicating copy to clipboard operation
docker-lamp copied to clipboard
verified publisher icon mattrayner

chown: cannot read directory '/app': Permission denied

Open mmsrubar opened this issue 5 years ago • 7 comments

Hello I followed the instructions from the README file to run the container:

docker run -p "80:80" -v ${PWD}/app:/app mattrayner/lamp:latest-1804

but when I start the container I see following error:

chown: cannot read directory '/app': Permission denied

which results in not being able to access the files in the /app directory. I tried to connect to the running container and the problem is that it didn't get the right group (stuff):

root@4e5131c0be30:/# ls -ls /
total 116
4 drwxr-xr-x.   2 www-data  1000 4096 Jan  6 11:51 app

I tried to change it manually but failed:

root@4e5131c0be30:/# id
uid=0(root) gid=0(root) groups=0(root)
root@4e5131c0be30:/# chown -R www-data:staff /app
chown: cannot read directory '/app': Permission denied

That surprised me so I googled a I bit and found that adding USER root to the Dockerfile might help but it didn't. Build the image from scratch also didn't help. If I run the container without the -v ${PWD}/app:/app part it works just fine.

I'm running the container using Fedora33 with Docker version 19.03.13, build 4484c46. Am I missing something?

mmsrubar avatar Jan 06 '21 12:01 mmsrubar

I found out that docker volume inherits the UID and GID of the of the host, so it's more my lack of docker knowledge.

mmsrubar avatar Jan 06 '21 13:01 mmsrubar

Hi! Thank you for sharing, I didn't know this before either.

pzhlkj6612 avatar Jan 07 '21 00:01 pzhlkj6612

Hi, I’ve not tested this on Fedora, only on windows and Mac, it certainly sounds like a permissions issue, you should be able to pass your UID and GID to the image as environment variables to fix this (I think)

On Thu, 7 Jan 2021 at 00:09, Mozi [email protected] wrote:

Hi! Thank you for sharing, I didn't know this before either.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mattrayner/docker-lamp/issues/116#issuecomment-755789280, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA2XGNXCS3RLYDWKHCH45PLSYT3UPANCNFSM4VXOEM7Q .

-- Matt Rayner http://www.mattrayner.co.uk/

mattrayner avatar Jan 07 '21 08:01 mattrayner

What you did to fix this issue?? I tried to pass UID and GID to the image but thing not seem to go well for me, love to know how you guys fix it

nguyenhai97 avatar Apr 05 '21 07:04 nguyenhai97

@mmsrubar, did you manage to fix this issue?

mattrayner avatar Sep 19 '21 21:09 mattrayner

I found the solution by my self for fedora podman, by passing :Z after mount point I manage to allow SELinux and have it work as expected using podman (non root daemon version of docker): podman container run --name lamp1804-demo -p "8080:80" -v ${PWD}/app:/app:Z lamp1804 about docker, I have no such problems using docker image

nguyenhai97 avatar Sep 20 '21 01:09 nguyenhai97

@nguyenhai97 Your solution worked for me. I am using docker-compose on Fedora Server 38 on a Raspberry Pi. The following solved any mkdir: cannot create directory: ... : Permission denied and any chown problems as well.

volumes:
  - ./data:/data:Z
  - ./letsencyrypt:/etc/letsencrypt:Z

Adog64 avatar Aug 11 '23 12:08 Adog64