Docker Community Forums

Share and learn in the Docker community.

Tomcat container - permission issues


(Vahankh) #1

Hi,

The following is my container definition.

FROM tomcat:9
    
# Setup environment
ENV DEBIAN_FRONTEND noninteractive

# Install
RUN \
  sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get install -y build-essential && \
  apt-get install -y software-properties-common && \
  apt-get install -y byobu curl git htop man unzip vim wget curl bash-completion

RUN \
  rm -R $CATALINA_HOME/webapps/* && \
  addgroup -gid 900 tomcat && \
  adduser --home $CATALINA_HOME -uid 900 -ingroup tomcat --shell /bin/bash --system --no-create-home --disabled-login --disabled-password tomcat && \
  chown -R tomcat:tomcat $CATALINA_HOME && \
  chmod 400 $CATALINA_HOME/conf/* && \
  chmod -R 550 $CATALINA_HOME && \
  chmod -R 300 $CATALINA_HOME/logs && \
  chmod -R 770 $CATALINA_HOME/temp

RUN \
  mkdir /opt/webapps && \
  chown -R tomcat:tomcat /opt/webapps && \
  chmod -R 550 /opt/webapps && \
  sed -i -- 's/appBase="webapps"/appBase="\/opt\/webapps"/g' $CATALINA_HOME/conf/server.xml

USER tomcat

I run it as:
docker run --name test8 -p 8080:8080 -dit -w /opt/webapps -v ~/java/auth/target/jersey.war:/opt/webapps/jersey.war 767a1d00c9f9

My issue is that I’m having problems with permissions:
org.glassfish.jersey.internal.ServiceConfigurationError: org.glassfish.jersey.internal.inject.InjectionManagerFactory: : java.nio.file.AccessDeniedException: /usr/local/tomcat/temp/jar_cache233032146325887534.tmp

Though I’ve checked the /usr/local/tomcat/temp is owned by tomcat user. And when I run bash on my docker I can’t create a file in the temp folder.

I don’t have any clue what to try next. Your advice will be highly appreciated as I have very little experience with docker.


(David Skowronski) #2

Off the top of my head it’s probably the host machine id mismatch. Make sure the host machine(s) that your containers are running on for tomcat user is also 900. Or try adding a user to run command—user=tomcat:tomcat.

Nvm on the user option I see you set it in the Dockerfile. You could try running with user=root to debug the issue.