Docker Community Forums

Chmod permission denied

(Vipconsult) #1

OS X: version 10.11.3 (build: 15D21) version v1.11.0-beta7
Running diagnostic tests:
[OK] docker-cli
[OK] Moby booted
[OK] driver.amd64-linux
[OK] vmnetd
[OK] osxfs
[OK] db
[OK] slirp
[OK] menubar
[OK] environment
[OK] Docker
[OK] VT-x
Docker logs are being collected into /tmp/20160417-115851.tar.gz
Most specific failure is: No error was detected
Your unique id is: 47779643-9B0A-41C6-A6C3-B95D1BDD5CF6

Steps to reproduce the behavior

docker run -d -p 80:80 -v /hostDataFolder:/var/lib/mysql mysql:5.6

chown: changing ownership of ‘/var/lib/mysql/…’: Permission denied

I tried using privileged and cap-add all but no difference so maybe something to do with the new way the host shares are handled

(David Sheets) #2

What specifically is /hostDataFolder? Which user owns that directory? Docker for Mac runs primarily as your user even when sharing the host file system so if the directory being shared is not owned by the user/group that started the Docker for Mac application, changing ownership will fail.

I could not reproduce your exact error but see

$ docker run --rm -e MYSQL_ALLOW_EMPTY_PASSWORD=1 -v `pwd`/foo:/var/lib/mysql mysql:5.6
Initializing database
FATAL ERROR: Could not chown directory /var/lib/mysql//mysql

when the empty `pwd`/foo is owned by root.

Please, keep in mind that the Docker for Mac Beta is not yet production-grade software and data loss may occur. I recommend keeping backups of any important data that you use with Docker for Mac. With that said, we very much appreciate your reports and look forward to more in the future. If the ownership of the host directory is not the cause of the fault, we would be happy to debug further.

Thanks for participating in the Docker for Mac Beta!

(Vipconsult) #3

Not sure how we should deal with this. Some apps require special permissions and ownership (postgresql for example needs to be owned by the postgresql user) and change these at runtime.

(David Sheets) #4

The permissions on OS X are not mapped into containers in Docker for Mac Beta. Currently, we use a simplified permissions model where user and group ownership is squashed to the requesting uid/gid in the container. In the near future, we will move to a model where container permissions are persisted in parallel to OS X file system permissions.

If you change the permissions on the host to a uid/gid that your user account has rights to modify, does it work?

Finally, we don’t currently support [f]stat[v]fs syscalls into bind mounted directories so PostgreSQL may fail to run if it demands answers about the volume via those calls. Support for this use case will be shipped soon.

(Vipconsult) #5

This has always been a pain, saying this I don’t think I have a better idea how to improve.

Would it be possible to set some bind options for mounted volumes and host folders something like:
docker run --rm -e MYSQL_ALLOW_EMPTY_PASSWORD=1 -v /foo:/var/lib/mysql -vg 1100:666 -vg 1200:555 -vu 1300:777
meaning any file or folder with
gid in the host 1100 will be a gid of 666 in the container
gid in the host 1200 will be a gid of 555 in the container
uid in the host 1300 will be a uid of 666 in the container

if possible wouldn’t this eliminate the problem?

Tried your suggestion and changed the owner and group to my own user, but still fails with the same error

I even did sudo chmod -R 777 and still the same error

privileged and cap_add ALL
also didn’t help

mysql and postgresql handle the permissions the same way - entrypoint script which runs chmod …
the only difference is that postgresql will refuse to start unless correct owner is set

chmod 700 "$PGDATA"
chown -R postgres "$PGDATA"

(David Sheets) #6

I cannot reproduce the issue. Could you please provide an explicit set of steps, with Dockerfile if necessary, which triggers the issue for you?

(Vipconsult) #7

I think I forgot to recreate the container after changing the permissions.

now with 777 it works fine.

this reveals the problem, but doesn’t actually solve it.

postgresql still wouldn’t run unless the data folder is owned by the postgres user

did you read about my suggestion and what do you think?
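
A preflight check for the host directory before it is passed to `docker run -v`, following reply #2 (an in-container chown fails when the shared directory is not owned by the user who started Docker for Mac) and reporting the world-writable state left by the `chmod -R 777` tried in #5 and #7. This is an added example, not part of the original thread or of Docker's tooling; the function name `check_bind_source`, its optional uid argument and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_bind_source and its return
# codes are hypothetical names chosen for this illustration.
#
# Usage: check_bind_source DIR [UID]
#   DIR  host directory intended for `docker run -v DIR:/var/lib/mysql`
#   UID  numeric uid that started Docker for Mac (default: current user)
# Returns: 0  owned by UID and not world-writable
#          1  DIR is not a directory
#          2  DIR is owned by another uid (in-container chown expected to fail)
#          3  DIR is owned by UID but world-writable (e.g. after chmod -R 777)
check_bind_source() {
    dir=$1
    want_uid=${2:-$(id -u)}

    if [ ! -d "$dir" ]; then
        echo "check_bind_source: not a directory: $dir" >&2
        return 1
    fi

    # ls -ldnL is POSIX: -n prints numeric ids, -L follows a symlinked DIR.
    # Field 1 is the mode string, field 3 the owner uid.
    listing=$(ls -ldnL "$dir")
    mode=$(printf '%s\n' "$listing" | awk 'NR==1 {print $1}')
    owner=$(printf '%s\n' "$listing" | awk 'NR==1 {print $3}')

    if [ "$owner" != "$want_uid" ]; then
        echo "check_bind_source: $dir is owned by uid $owner, expected $want_uid" >&2
        return 2
    fi

    # Character 9 of the mode string is the "other" write bit.
    if [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then
        echo "check_bind_source: $dir is world-writable ($mode)" >&2
        return 3
    fi
    return 0
}

# When run as a script with arguments, check the given directory.
[ $# -eq 0 ] || check_bind_source "$@"
```

A return of 3 means any local account on the host can modify the database files, so it is worth narrowing the mode again once the ownership question is settled.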