Permission denied in Docker container

[CrazyCrud]

Hello,

many thanks for the great work to Annif!

I have initialised the Docker container, but I can't execute commands like annif list-projects or annif list-vocabs in the container itself because the permissions are missing.

annif list-vocabs
Traceback (most recent call last):
  File "/usr/local/bin/annif", line 6, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/flask/cli.py", line 357, in decorator
    return __ctx.invoke(f, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/Annif/annif/cli.py", line 124, in run_list_vocabs
    languages = ",".join(sorted(vocab.languages))
  File "/Annif/annif/vocab.py", line 111, in languages
    return self.subjects.languages
  File "/Annif/annif/vocab.py", line 69, in subjects
    path = os.path.join(self.datadir, self.INDEX_FILENAME_CSV)
  File "/Annif/annif/datadir.py", line 18, in datadir
    os.makedirs(self._datadir_path)
  File "/usr/local/lib/python3.10/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.10/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.10/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: 'data'

All files in the mounted directory as well as the /usr/ folder belong to the root user. The Dockerfile states that the current user as well as the files should instead belong to the annif_user, but it doesn't seem this way.

Can you recommend any steps I could take?

Many thanks in advance!

Best regards Constantin

[juhoinkinen]

Hi and thanks @CrazyCrud!

With which command are you starting the container? Are you really mounting some folder from the host machine into the container? If you start annif container as-is, the working directory is /annif-projects:

docker run -it quay.io/natlibfi/annif pwd
/annif-projects

And it is owned by annif_user:

docker run -it quay.io/natlibfi/annif ls -la
total 8
drwxr-xr-x 1 annif_user annif_user 4096 Aug 10  2023 .
drwxr-xr-x 1 root       root       4096 Feb 21 08:51 ..

The /usr folder should be irrelevant for using annif.

When you need to mount some folder to the container, which you probably will need when training projects, the best approach is to make the user in the container the same as on host with the -u option. See the Annif Wiki page:

docker run \
    -v ~/annif-projects:/annif-projects \
    -u $(id -u):$(id -g) \
    -it quay.io/natlibfi/annif bash

You could also check Annif-tutorial excercise about using Annif with Docker.

[CrazyCrud]

@juhoinkinen thank you very much! It works now and the permissions are correctly set. I think the -u option did the trick.

Thank you & best regards Constantin

[juhoinkinen]

Good you got it working!