unclev / prosody-docker-extended

Docker image building system for the Prosody XMPP server with Community Modules and telnet console
MIT License

When mounting volumes, cp -Rv /etc/prosody.default/* /etc/prosody/: permission denied #16

Closed hyperak closed 4 years ago

hyperak commented 4 years ago

Hello!

I just tried to run

docker run --name xmpp --hostname dieg.io -p 5222:5222 -p 5269:5269 \
           -v /srv/prosody/config:/etc/prosody \
           -v /srv/prosody/data:/var/lib/prosody \
           -v /srv/prosody/log:/var/log/prosody \
           -v /srv/prosody/modules/community:/usr/lib/prosody/modules-community \
           -v /srv/prosody/modules/custom:/usr/lib/prosody/modules-custom \
           unclev/prosody-docker-extended:latest

to briefly test if the container works but I get this error:

+ cp -Rv /etc/prosody.default/certs /etc/prosody.default/migrator.cfg.lua /etc/prosody.default/prosody.cfg.lua /etc/prosody/
cp: cannot create directory '/etc/prosody/certs': Permission denied
cp: cannot create regular file '/etc/prosody/migrator.cfg.lua': Permission denied
cp: cannot create regular file '/etc/prosody/prosody.cfg.lua': Permission denied

All relevant directories on the real system are rwxr-xr-x, so it's definitely not a permissions issue on my side?

Could it be the container's fault? This is the first time I try Docker out for real... I did try my google fu, by the way.

unclev commented 4 years ago

Hi @hyperak,

I'm sorry for the inconvenience.

> so it's definitely not a permissions issue on my side?
>
> Could it be the container's fault?

Yes, this is kind of the container's fault, but it is known (#6, #7): it is not a permission issue but an ownership issue.

The host directories you mount must be pre-created with the expected ownership 1000:1000.

After

sudo chown -Rv 1000:1000 /srv/prosody

the container should start (the server starts on behalf of the normal prosody user inside the container):

docker run --rm --name xmpp --hostname dieg.io -p 5222:5222 -p 5269:5269 \
           -v /srv/prosody/config:/etc/prosody \
           -v /srv/prosody/data:/var/lib/prosody \
           -v /srv/prosody/log:/var/log/prosody \
           -v /srv/prosody/modules/community:/usr/lib/prosody/modules-community \
           -v /srv/prosody/modules/custom:/usr/lib/prosody/modules-custom \
           unclev/prosody-docker-extended:latest

unclev commented 4 years ago

@hyperak, is this enough to fix your issue?

unclev commented 4 years ago

There is also a long discussion on volume (according to the initial request (#2259) - bind-mount) ownership in the Docker repo (the Moby project) including some workarounds and security implications.


I'm closing this (prosody-docker-extended #16) issue as there is no response for more than 2 months, and it seems there is nothing to fix within the currently applied approach.
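
A preflight check for the ownership requirement given in the maintainer's answer, as an added example that is not part of the thread or the project's code: it verifies that each host directory passed on the command line exists and is owned by 1000:1000 before `docker run` is attempted. The function names and the `WANT_UID`/`WANT_GID` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight check for bind-mount ownership (not project code).
# The 1000:1000 default comes from the maintainer's answer in the thread.
WANT_UID="${WANT_UID:-1000}"
WANT_GID="${WANT_GID:-1000}"

# Print "uid:gid" of a path using numeric ids (ls -n is POSIX, stat flags are not).
owner_of() {
    ls -nd -- "$1" 2>/dev/null | awk '{ print $3 ":" $4 }'
}

# Return 0 only if $1 is an existing directory owned by $2:$3.
check_mount_owner() {
    dir=$1; uid=$2; gid=$3
    if [ ! -d "$dir" ]; then
        # With -v, a missing host path is created by the Docker daemon itself,
        # normally owned by root, which leads to the same cp failure.
        echo "MISSING  $dir (create it, then chown $uid:$gid)" >&2
        return 2
    fi
    have=$(owner_of "$dir")
    if [ "$have" != "$uid:$gid" ]; then
        echo "MISMATCH $dir is $have, container user is $uid:$gid" >&2
        return 1
    fi
    echo "OK       $dir ($have)"
}

# Check every directory given; report all problems, fail if any was found.
preflight() {
    rc=0
    for d in "$@"; do
        check_mount_owner "$d" "$WANT_UID" "$WANT_GID" || rc=1
    done
    return "$rc"
}

# Run only when host directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it with the five host paths from the `docker run` command as arguments; a non-zero exit status means at least one mount would fail for the unprivileged prosody user.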