[BUG] Update to docker file breaks saving data on NFS

[K4CZP3R]

Deployment details:

• App version [e.g. v1.7.4]: 2.3.0
• Platform [e.g. amd64, arm64, arm/v7]: arm64
• Docker image tag [e.g. latest, multiarch]: multiarch

---

Bug description:

Before (in ver 2.2.1) there were no chown commands and everything worked well. After introducing chown node on startup, it results in errors which are stopping container from running.

chown: /app/data/db_backups/db-221-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-168-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-171-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-211-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-170-backup.sqlite: Operation not permitted
chown: /app/data/db_backups: Operation not permitted
chown: /app/data/db_backups: Operation not permitted
chown: /app/data/themes.json: Operation not permitted
chown: /app/data/customQueries.json: Operation not permitted
chown: /app/data/uploads: Operation not permitted
chown: /app/data/uploads: Operation not permitted
chown: /app/data/config.json: Operation not permitted
chown: /app/data/db.sqlite: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted

My docker compose:

version: "3.8"
services:
  flame:
    image: pawelmalak/flame:multiarch2.2.1
    volumes:
      - type: bind
        source: /srv/nfs4/swarm-data/data/flame
        target: /app/data
      - /var/run/docker.sock:/var/run/docker.sock
...

Permissions on /srv/nfs4/swarm-data/data/flame are set to nobody:nogroup and chmod 777

ls -l of nfs flame directory:

➜  flame ls -l
total 60
-rwxrwxrwx 1 nobody nogroup   856 Jun 12 13:00 config.json
-rwxrwxrwx 1 nobody nogroup   141 Oct 12  2021 customQueries.json
drwxrwxrwx 2 nobody nogroup  4096 Jun 11 17:40 db_backups
-rwxrwxrwx 1 nobody nogroup 40960 Jun 12 12:45 db.sqlite
-rw-r--r-- 1 nobody nogroup  1734 Jun 12 12:54 themes.json
drwxrwxrwx 2 nobody nogroup  4096 Oct  5  2021 uploads

---

Steps to reproduce:

1. Bind NFS location to /app/data with root_squash
2. Run container

[HerrFrutti]

same.

[das6ng]

same problem, my deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: flame-deployment
  labels:
    app: flame
spec:
  replicas: 1
  selector:
    matchLabels:
      app: flame
  template:
    metadata:
      labels:
        app: flame
    spec:
      containers:
        - name: flame
          image: pawelmalak/flame:2.3.1
          ports:
            - containerPort: 5005
          volumeMounts:
            - mountPath: /app/data/
              name: flame-data
              subPath: flame
          env:
            - name: PASSWORD
              value: xxxxxx
      volumes:
        - name: flame-data
          persistentVolumeClaim:
            claimName: flame-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: flame-pvc
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
  storageClassName: sc-nfs # I made the nfs storage class with kubernetes-sigs/nfs-subdir-external-provisioner and it works well for other app like usememos/memos.

the pod log:

chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted

my local cluster is:

# kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.27.3+k3s1
Kustomize Version: v5.0.1
Server Version: v1.27.3+k3s1

[danielfrg]

Simply change the command to remove it:

command = ["sh", "-c", "node server.js"]