Docker process doesn't run as the current user on Linux and so doesn't have the correct write permissions

[lkam-spireon]

Environment:

• Linux Mint 19
• Docker 18.09.5
• Docker running "sudo-less" per these instructions (https://docs.docker.com/install/linux/linux-postinstall/)

Steps to Reproduce:

Create a project folder in your home directory and initialize a new Sqitch project.

> cd ~
> mkdir flipr
> cd flipr
> sqitch init flipr --uri https://github.com/sqitchers/sqitch-mysql-intro/ --engine mysql
Can't open sqitch.conf.lock for writing: Permission denied

The Docker process isn't able to write folder since it's not running as the current user.

You can work create a work around by changing the permissions on the project folder.

> cd ..
> chmod 777 flipr
> cd flipr
> sqitch init flipr --uri https://github.com/sqitchers/sqitch-mysql-intro/ --engine mysql
Created sqitch.conf
Created sqitch.plan
Created deploy/
Created revert/
Created verify/

However, now the current user doesn't have permissions to edit any files or folders that Sqitch created.

> touch deploy/appuser.sql
touch: cannot touch 'deploy/appuser.sql': Permission denied

If you look at the files in the directory, you can see that they are owned by a different user.

> ls -la
total 28
drwxrwxrwx  5 parallels parallels 4096 May  1 16:44 .
drwxr-xr-x 53 parallels parallels 4096 May  1 16:37 ..
drwxr-xr-x  2      1024      1024 4096 May  1 16:44 deploy
drwxr-xr-x  2      1024      1024 4096 May  1 16:44 revert
-rw-r--r--  1      1024      1024  154 May  1 16:44 sqitch.conf
-rw-r--r--  1      1024      1024   92 May  1 16:44 sqitch.plan
drwxr-xr-x  2      1024      1024 4096 May  1 16:44 verify

Suggested Fix

Add a flag to the Docker run command in docker-sqitch.sh to run as the current user. On my Linux machine, it would look like this:

docker run -it --rm --network host \
    --mount "type=bind,src=$(pwd),dst=/repo" \
    --mount "type=bind,src=$HOME,dst=$homedst" \
    -u $(id -u ${USER}):$(id -g ${USER}) \
    "${passopt[@]}" "$SQITCH_IMAGE" "$@"

However, I'm not sure the impact this particular fix would have on the script's cross-compatibility.

[theory]

Doesn't docker run as the current user already?

[theory]

When I run it with your patch on macOS, I get an error:

# On database local
local user with ID 501 does not exist

Likely because Docker is running inside a VM. Will need to figure out where to run with the current user ID and where not to.

[theory]

I worked around this issue in another project by running a script inside the docker image that effectively does your chown 777 workaround, but it has a file that it doesn't chown, like a README, and then does:

trap finish EXIT
finish() {
    trap "" ERR
    chown -fR --reference README sqitch.* deploy revert verify
}

[theory]

Please let me know whether cd14783 fixes the issue for you, @lkam-spireon.

[lkam-spireon]

Yup, the fix worked perfectly!

> cd ~
> mkdir flipr
> cd flipr/
> sqitch init flipr --uri https://github.com/sqitchers/sqitch-mysql-intro/ --engine mysql
Created sqitch.conf
Created sqitch.plan
Created deploy/
Created revert/
Created verify/
> ls -la
total 28
drwxrwxr-x  5 parallels parallels 4096 May  3 11:08 .
drwxr-xr-x 53 parallels parallels 4096 May  3 11:08 ..
drwxr-xr-x  2 parallels parallels 4096 May  3 11:08 deploy
drwxr-xr-x  2 parallels parallels 4096 May  3 11:08 revert
-rw-r--r--  1 parallels parallels  145 May  3 11:08 sqitch.conf
-rw-r--r--  1 parallels parallels   92 May  3 11:08 sqitch.plan
drwxr-xr-x  2 parallels parallels 4096 May  3 11:08 verify
> touch deploy/appuser.sql

All the files the Docker process creates are now under the current user and I can freely edit the files.

Thank you!