search

mattrayner / docker-lamp

A simple LAMP image using Ubuntu, Apache, PHP and MySql in a single image
Apache License 2.0
592 stars 262 forks source link

chown: cannot read directory '/app': Permission denied #116

Open mmsrubar opened 3 years ago

mmsrubar commented 3 years ago

Hello I followed the instructions from the README file to run the container:

docker run -p "80:80" -v ${PWD}/app:/app mattrayner/lamp:latest-1804

but when I start the container I see following error:

chown: cannot read directory '/app': Permission denied

which results in not being able to access the files in the /app directory. I tried to connect to the running container and the problem is that it didn't get the right group (stuff):

root@4e5131c0be30:/# ls -ls /
total 116
4 drwxr-xr-x.   2 www-data  1000 4096 Jan  6 11:51 app

I tried to change it manually but failed:

root@4e5131c0be30:/# id
uid=0(root) gid=0(root) groups=0(root)
root@4e5131c0be30:/# chown -R www-data:staff /app
chown: cannot read directory '/app': Permission denied

That surprised me so I googled a I bit and found that adding USER root to the Dockerfile might help but it didn't. Build the image from scratch also didn't help. If I run the container without the -v ${PWD}/app:/app part it works just fine.

I'm running the container using Fedora33 with Docker version 19.03.13, build 4484c46. Am I missing something?

mmsrubar commented 3 years ago

I found out that docker volume inherits the UID and GID of the of the host, so it's more my lack of docker knowledge.

pzhlkj6612 commented 3 years ago

Hi! Thank you for sharing, I didn't know this before either.

mattrayner commented 3 years ago

Hi, I’ve not tested this on Fedora, only on windows and Mac, it certainly sounds like a permissions issue, you should be able to pass your UID and GID to the image as environment variables to fix this (I think)

On Thu, 7 Jan 2021 at 00:09, Mozi notifications@github.com wrote:

Hi! Thank you for sharing, I didn't know this before either.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mattrayner/docker-lamp/issues/116#issuecomment-755789280, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA2XGNXCS3RLYDWKHCH45PLSYT3UPANCNFSM4VXOEM7Q .

-- Matt Rayner http://www.mattrayner.co.uk/

nguyenhai97 commented 3 years ago

What you did to fix this issue?? I tried to pass UID and GID to the image but thing not seem to go well for me, love to know how you guys fix it

mattrayner commented 3 years ago

@mmsrubar, did you manage to fix this issue?

nguyenhai97 commented 3 years ago

I found the solution by my self for fedora podman, by passing :Z after mount point I manage to allow SELinux and have it work as expected using podman (non root daemon version of docker): podman container run --name lamp1804-demo -p "8080:80" -v ${PWD}/app:/app:Z lamp1804 about docker, I have no such problems using docker image

Adog64 commented 1 year ago

@nguyenhai97 Your solution worked for me. I am using docker-compose on Fedora Server 38 on a Raspberry Pi. The following solved any mkdir: cannot create directory: ... : Permission denied and any chown problems as well.

volumes:
  - ./data:/data:Z
  - ./letsencyrypt:/etc/letsencrypt:Z