Permission denied missing write access to /opt/app/node_modules

Question

Permission denied missing write access to /opt/app/node_modules

jnlsn opened this issue 6 years ago · 9 comments

Following the instructions from the README, I cannot install additional Node packages with docker-compose exec node npm install --save <package name> due to write permissions of the 'node' user. If I update docker-compose.yml to set the user as 'root', I can again install pacakges. I'm not sure if this is the best way to solve the install permissions or not.

Answer 1 · 2018-12-19T14:30:35.000Z

+1 I also have this same problem, any tips on a solution?

Answer 2 · 2018-12-20T02:42:21.000Z

I think setting the user as root in docker-compose.yml is fine. It allows you to install packages in development but doesn't affect production security as the Dockerfile isn't modified and the docker-stack.yml will be used instead of the compose file. This is also the way I have fixed permission based issues in development and it has worked for me. There might be a better way though.

What do you think @BretFisher?

Answer 3 · 2019-01-09T08:14:17.000Z

+666 I have the save problem. Not sure how to solve it in a production-secure way.

Answer 4 · 2019-02-04T06:59:31.000Z

@aidengaripoli suggestion works great IMO. Just make sure you have CI tests that test any write permissions you might need in container at runtime so you don't get caught in prod with a container that's running under user permissions and have write problems (cache files, user uploads, etc.) that you didn't have in dev due to root user.

Answer 5 · 2019-02-25T06:52:08.000Z

A few options to solve this depending on what you'd like to do, in order of my preference (feedback welcome!):

Fix the permissions on node_modules so they are all installed as node user, which means moving the USER Dockerfile stanza up to before npm install. This keeps your dev and prod permissions the same without reducing security (node_modules are typically the same permissions as your app files anyway.) I like this idea so much I'm going to update the repo to use this method by default, which requires moving node_modules down a directory to ensure npm has permissions to write to the pwd of node_modules. I'll close this issue with that commit but feel free to keep commenting.
Run your exec commands as root using -u root and specify the working directory to the proper /opt with: docker-compose exec -u root -w /opt/ node npm install --save <package name>
Update docker-compose.yml with the user:root key to run the CMD as root for local development. I now like the above two options better.

Answer 6 · 2019-02-25T06:54:40.000Z

Note option 2 above has a issue with using -w in the last few versions of docker-compose so follow that bug over here: docker/compose#6528

Answer 7 · 2019-03-26T22:08:23.000Z

Dependencies can be installed again, but I still get the EBUSY: resource busy or locked error on package.json and package-lock.json due to the bind mount. Is there any way to fix this?

I'm on macOS 10.14.3 with Docker 18.09.2 and Docker Compose 1.23.2.

Answer 8 · 2019-03-31T17:51:39.000Z

I'm having the same issue as @nielsbril any update guys?

Answer 9 · 2020-10-22T12:07:52.000Z

Dependencies can be installed again, but I still get the EBUSY: resource busy or locked error on package.json and package-lock.json due to the bind mount. Is there any way to fix this?

I'm on macOS 10.14.3 with Docker 18.09.2 and Docker Compose 1.23.2.

Was getting the error with npm. Switched to using yarn and it works.