Permission denied missing write access to /opt/app/node_modules
jnlsn opened this issue · 9 comments
Following the instructions from the README, I cannot install additional Node packages with docker-compose exec node npm install --save <package name>
due to write permissions of the 'node' user. If I update docker-compose.yml to set the user as 'root', I can again install pacakges. I'm not sure if this is the best way to solve the install permissions or not.
+1 I also have this same problem, any tips on a solution?
I think setting the user as root in docker-compose.yml
is fine. It allows you to install packages in development but doesn't affect production security as the Dockerfile
isn't modified and the docker-stack.yml
will be used instead of the compose file. This is also the way I have fixed permission based issues in development and it has worked for me. There might be a better way though.
What do you think @BretFisher?
+666 I have the save problem. Not sure how to solve it in a production-secure way.
@aidengaripoli suggestion works great IMO. Just make sure you have CI tests that test any write permissions you might need in container at runtime so you don't get caught in prod with a container that's running under user permissions and have write problems (cache files, user uploads, etc.) that you didn't have in dev due to root user.
A few options to solve this depending on what you'd like to do, in order of my preference (feedback welcome!):
- Fix the permissions on node_modules so they are all installed as
node
user, which means moving theUSER
Dockerfile stanza up to beforenpm install
. This keeps your dev and prod permissions the same without reducing security (node_modules are typically the same permissions as your app files anyway.) I like this idea so much I'm going to update the repo to use this method by default, which requires movingnode_modules
down a directory to ensurenpm
has permissions to write to the pwd ofnode_modules
. I'll close this issue with that commit but feel free to keep commenting. - Run your exec commands as root using
-u root
and specify the working directory to the proper/opt
with:docker-compose exec -u root -w /opt/ node npm install --save <package name>
- Update
docker-compose.yml
with theuser:root
key to run the CMD as root for local development. I now like the above two options better.
Note option 2 above has a issue with using -w
in the last few versions of docker-compose so follow that bug over here: docker/compose#6528
Dependencies can be installed again, but I still get the EBUSY: resource busy or locked
error on package.json
and package-lock.json
due to the bind mount. Is there any way to fix this?
I'm on macOS 10.14.3 with Docker 18.09.2 and Docker Compose 1.23.2.
I'm having the same issue as @nielsbril any update guys?
Dependencies can be installed again, but I still get the
EBUSY: resource busy or locked
error onpackage.json
andpackage-lock.json
due to the bind mount. Is there any way to fix this?I'm on macOS 10.14.3 with Docker 18.09.2 and Docker Compose 1.23.2.
Was getting the error with npm
. Switched to using yarn
and it works.