search

theia-ide / theia-apps

Theia applications examples - docker images, desktop apps, packagings
Apache License 2.0
1.04k stars 344 forks source link

Permission denied #278

Open sorenwacker opened 4 years ago

sorenwacker commented 4 years ago

Why are all the permission denied issues here closed without a comment?

I am starting theia with:

docker run -it --init -p 3000:3000 -v "$(pwd):/home/project:cached" theiaide/theia:next

Then open an existing file and edit it. Then CTRL-s seemingly does nothing. When pressing save in the file menu also does nothing, but when I look into the stdout I see:

root ERROR Request setContent failed with error: EACCES: permission denied, open '/home/project/proteomics_tools/README.md' Error: EACCES: permission denied, open '/home/project/proteomics_tools/README.md' root ERROR Error: Request 'setContent' failed at Proxy. (http://localhost:3000/bundle.js:14:681815) at e. (http://localhost:3000/bundle.js:19:155317) at http://localhost:3000/bundle.js:19:153026 at Object.next (http://localhost:3000/bundle.js:19:153131) at a (http://localhost:3000/bundle.js:19:151874)

sorenwacker commented 4 years ago

It would be nice to get an error message when save failed. I had lost some edits due to this because I falsely assumed the file was saved.

marcdumais-work commented 4 years ago

Hi @soerendip ,

Assuming we're not facing a new bug, the permission issue is a generic docker problem - your identity (linux uid) is different in the image vs on the host, and so most likely the user in the container does not have proper permissions to modify files mounted from your host.

You can see for yourself using command id -u on your host an in the docker container.

The easiest way to avoid this is to work directly in the container, not mounting your workspace from the host (i.e. omit the -v "$(pwd):/home/project:cached" part when starting your container ). Another option is to modify the image to create a user in the container that matches your host's user uid. This is not a generic solution however, and will work only for you, on a given host.

Finally, there is this user-proposed approach that I could not confirm works, but you might have better luck: https://github.com/theia-ide/theia-apps/issues/169#issue-435518730

It would be nice to get an error message when save failed. I had lost some edits due to this because I falsely assumed the file was saved.

Agreed - there should be an error message to let the user know when this happens. @vince-fugnitto could you search the main repo for such an issue, create one if none already exists?

vince-fugnitto commented 4 years ago

Agreed - there should be an error message to let the user know when this happens. @vince-fugnitto could you search the main repo for such an issue, create one if none already exists?

There is a general issue to improve the filesystem to handle eaccess errors: https://github.com/eclipse-theia/theia/issues/915

student020341 commented 4 years ago

I'm a linux noob but I'll chime in what I did just to get stuff running. Since users can't navigate out of the project folder the ide is running on, I set permissions 777 on the folder that contains the project.

marcdumais-work commented 4 years ago

Hi @student020341

I'm a linux noob but I'll chime in what I did just to get stuff running. Since users can't navigate out of the project folder the ide is running on, I set permissions 777 on the folder that contains the project.

Thanks for sharing. Your solution is a good start. I'll just mention that if your goal is to interchangeably use the same workspace both on the host and in the theia docker image, you need to make sure your umask is set appropriately for both, else files/directories created on one could be read-only on the other.

more about umask

realvictorprm commented 4 years ago

For Linux users the most important bit to know is that the image running the IDE needs to use a non-root user which ideally should have the same ID as your user in the host system.

Moreover mount paths which don't exist in the host system yet are created by docker with sudo rights. Therefor create all paths before with the non root user to prevent any Permission Denied errors.

onefork commented 4 years ago

I was building using the same uid/gid combi. This solution works quite well as long as you don't want to share the docker image.

In Dockerfile change the adduser line to:

ARG uid
ARG gid

RUN addgroup --gid $gid theia && \
    adduser --disabled-password --gecos '' --uid $uid --gid $gid theia && \
    adduser theia sudo && \
    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers;

Then import the ids while docker build:

docker build . \
  --build-arg uid=$(id -u) \
  --build-arg gid=$(id -g) \
  --build-arg version=next \
  -t theia:next
snowch commented 3 years ago

@onefork are you running on OSX or linux?

gid for me on OSX is 20 and I get the error: addgroup: The GID '20' is already in use.

marcdumais-work commented 3 years ago

@onefork are you running on OSX or linux?

gid for me on OSX is 20 and I get the error: addgroup: The GID '20' is already in use.

Hi @snowch,

It looks like GID 20 already exists in the base Ubuntu docker image (GID below 1000 or something are reserved for system use IIRC on Linux), which is why you're not allowed to recreate it. Maybe it would work for you to just skip the addgroup command?

xniti3x commented 3 years ago

workaround: on host mashine sudo chmod 777 /the folder you want to share with theia/ in this case try sudo chmod 777 /home/project sudo chmod 777 /home/*/