Cannot chown files inside the container

[yannisc]

I started using d4m-nfs, but my scripts changing file ownership cannot run. I get:

chown: changing ownership of 'filename_here': Operation not permitted

How can I solve that?

[pensiero]

Did you try with sudo?

On Sat, Oct 29, 2016, 11:27 Yannis Karampelas notifications@github.com wrote:

I started using d4m-nfs, but my scripts changing file ownership cannot run. I get:

chown: changing ownership of 'filename_here': Operation not permitted

How can I solve that?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/IFSight/d4m-nfs/issues/11, or mute the thread https://github.com/notifications/unsubscribe-auth/AB6uSFMxl9L9ErQeG7HDvjdTyNKdDTEQks5q4xGRgaJpZM4KkEbO .

[yannisc]

Yes, sudo doesn't work either.

[if-kenn]

@yannisc since d4m-nfs obviously uses NFS for volume mounting, for security reasons by default it exports the NFS mounts with the UID and GID of the currently running user on the Mac.

So even root on the containers does not have the right to change ownership.

If don't think you are able to get around this limitation, I can make it so that you specify what UID and GID you would want the NFS volumes exported as. In your case it would be 0:0 (root:wheel).

Let me know if you would want this added as a feature.

[yannisc]

I need a way to be able to have nginx inside the container to be able to write/change files. I used to chown folders and files to nginx:nginx in order to achieve that, but now it's not possible. A workaround would be highly desirable.

On Saturday, October 29, 2016, Kenn Herman notifications@github.com wrote:

@yannisc https://github.com/yannisc since d4m-nfs obviously uses NFS for volume mounting, for security reasons by default it exports the NFS mounts with the UID and GID of the currently running user.

So even root on the containers does not have the right to change ownership.

If don't think you are able to get around this limitation, I can make it so that you specify what UID and GID you would want the NFS volumes exported as. In your case it would be 0:0 (root:wheel).

Let me know if you would want this added as a feature.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/IFSight/d4m-nfs/issues/11#issuecomment-257099879, or mute the thread https://github.com/notifications/unsubscribe-auth/AAq_hW7T2Ch1nE-POwo2PrIHq1rU76Ucks5q427PgaJpZM4KkEbO .

Sent from my Mobile

[if-kenn]

@yannisc i have made it so that you can optionally specify the UID and GID for mounts.

For it to work, on your Mac you will need to remove the previously created lines in your /etc/exports file.

Then in d4m-nfs-mounts.txt specify it with syntax like:

/<srcdir>:<dstdir>:<uid>:<gid>

For example if you are trying to export /var/www/html with root UID and GID it would be like this:

/var/www/html:var/www/html:0:0

Let me know if this works so I can close the issue.

[yannisc]

I changed the exports file by hand and reran d4m-nfs, but running d4m-nfs again, I get:

Copy the Moby VM APK Cache back conflicting exports for /Users/Yannis, localhost exports:7: export option conflict for /Users/Yannis Something is wrong with your /etc/exports file, please check it.

[if-kenn]

Please provide what you have in your d4m-nfs-mounts.txt and what the contents of /etc/exports is after you have run it.

[yannisc]

I didn't have a d4m-nfs-mounts.txt file. I created one in the etc folder with:

/Users/Yannis/sites:/mnt:0:0

and now I get:

Copy the Moby VM APK Cache back exports:4: /Users/Yannis conflicts with existing export /Users/Yannis/sites Something is wrong with your /etc/exports file, please check it.

and /etc/exports contains:

"/Users/Yannis/sites" -alldirs -mapall=0:0 localhost "/Users/Yannis" -alldirs -mapall=501:20 localhost

[if-kenn]

Please remove the contents of /etc/exports again, pull the latest from this repo and try again.

[yannisc]

Yes, now I can chown inside the container! You are great! thank you!

[if-kenn]

Great to hear!