Write file Permission Denied

Question

Write file Permission Denied

rahulbreezo opened this issue 4 years ago · 11 comments

Problem:
I would like to populate .env on the entry point command but due user being node, I am getting permission denied error while writing content to .env.

I am new to docker, so cannot figure out solution.
I tried changing user to root but got error
docker: Error response from daemon: unable to find user root: no matching entries in passwd file.
I see you have changed your user to node in your Dockerfile, and I am using your image so I cant use root user as a result getting above error.

Can you remove changing user to node in your Dockerfile, if that solves above problem.

Any user of your image can switch to node user if they wish to while using.

Answer 1 · 2021-01-08T07:48:02.000Z

Could you please details how exactly you try to populate the .env on the entrypoint? Could you provide the content of you Dockerfile?

Answer 2 · 2021-01-09T03:52:57.000Z

I am trying to populate .env by using fs.writeFileSync .
Dockerfile:

FROM node:14.15-alpine3.10 AS builder


# https://medium.com/trendyol-tech/how-we-reduce-node-docker-image-size-in-3-steps-ff2762b51d5a
RUN apk update && apk add curl bash 

# install node-prune (https://github.com/tj/node-prune)
# Combined them both such that it happens in one layer itself
RUN curl -sfL https://gobinaries.com/tj/node-prune | bash -s -- -b /usr/local/bin

WORKDIR /


RUN touch .env

COPY package-lock.json package.json ./
# Above line cuts down on local significantly
# https://btholt.github.io/complete-intro-to-containers/layers, how to not rebuild this again & again
# Copy the package.json seperately
RUN npm install --production && /usr/local/bin/node-prune

COPY . . 


# run node prune, cuts down ~ 53 MB, from 148 to 96, all from node_modules

# With this it's 148MB, rather than 240mb from node alpine, 100 MB saved
# Node modules need to be seriously trimmed down
# https://learnk8s.io/blog/smaller-docker-images
# ~ 100MB
FROM astefanutti/scratch-node



COPY --from=builder /srv /


EXPOSE 8080
ENTRYPOINT ["node", "env-var.js", "&&", "node_modules/.bin/sequelize", "&&", "node", "server.js"]

node env-var.js poulates .env file after getting secrets from aws. Then runs migration using populated .env node_modules/.bin/sequelize . At last server starts.

So I want to run migration before starting server.

@astefanutti

Answer 3 · 2021-01-11T07:54:37.000Z

Thanks. I would try to move RUN touch .env right after FROM astefanutti/scratch-node. Also it seems WORKDIR / should be WORKDIR /srv.

It may also be the home directory for the node user has to be created explicitly. But this should would have to be done in the base image.

Answer 4 · 2021-01-12T12:42:48.000Z

Had permission issues when tried to created .env after FROM astefanutti/scratch-node.

As of now building my image without using FROM astefanutti/scratch-node but now compressed has increased to 70mb from nearly 30mb.

Answer 5 · 2021-01-12T14:36:26.000Z

I've done a quick test and this seems to be working:

FROM node:12.2.0-alpine as builder

WORKDIR /test

RUN echo 'TEST' > .env

FROM astefanutti/scratch-node:14.14.0-amd64

COPY --from=builder /test /test

WORKDIR /test

ENTRYPOINT ["node", "-e", "var fs = require('fs'); console.log(fs.readFileSync('.env').toString());"]

Answer 6 · 2021-01-12T14:43:10.000Z

bro you are reading fs.readFileSync('.env').toString(). I need to write .env, thats where I am getting permission issue

Answer 7 · 2021-01-12T14:58:16.000Z

Ah sorry, I think I finally get what you're trying to achieve 😃. Using COPY --chown=<UID> should do the trick, e.g.:

FROM node:12.2.0-alpine as builder

WORKDIR /test

RUN touch .env

FROM astefanutti/scratch-node:14.14.0-amd64

COPY --from=builder --chown=1000 /test /test

WORKDIR /test

ENTRYPOINT ["node", "-e", "var fs = require('fs'); fs.writeFileSync('.env', 'TEST'); console.log(fs.readFileSync('.env').toString());"]

Answer 8 · 2021-01-12T15:03:16.000Z

Thanks, Will try it and respond.
I tried chown with soemthing like this chown=node:node but did not work.
I did not know about UID=1000 :)

Answer 9 · 2021-01-12T15:05:46.000Z

Right. Not sure why it doesn't work with the user id. It has to be the UID. I'll see if it has something to do with the way the node user is created. Keep me in touch.

Answer 10 · 2021-01-12T16:09:17.000Z

Thanks, Writing to env works but now I am having issues in running this
ENTRYPOINT ["node", "env-var.js", "&&", "node_modules/.bin/sequelize", "db:migarte", "&&", "node", "server.js"]

But I think that has nothing to do with your image , Its working as expected. So I will see how to fix above thing.
Closing Issue.

Answer 11 · 2021-01-12T16:13:11.000Z

Thanks for the feedback.