code-server
code-server copied to clipboard
coder
About the Permission for docker container auto create directory [Bug]: [Docs]:
Is there an existing issue for this?
- [X] I have searched the existing issues
OS/Web Information
- Web Browser: Chrome
- Local OS: macOS
- Remote OS:Centos7
- Remote Architecture: amd64
code-server --version:codercom/code-server:4.4.0- Docker Version:docker-ce 20.10.17
Steps to Reproduce
Follow the install manua for Docker ,my container run command:
docker run -it --name code-server -p 127.0.0.1:8080:8080 \
-v /home/vsc/.config/code-server:/home/coder/.config/code-server \
-v /home/vsc/myproject:/home/coder/project \
-u 1001:1001 \
-e DOCKER_USER=vsc \
codercom/code-server:latest
Expected
I want to create or edit my code project file in /home/coder/project, but it will tips permission defined in Browser.
Actual
I have done some research for this promble.
The codercom/code-server:latest images not exists the directory /home/coder/project, docker will auto create this directory when the containter init, but the uid (and gid) isn't follow the env DOCKER_USER (or -u option ) which auto docker auto create, so these auto create directory or file only read on the code-server running.
The issue #4166 and #1191 look like the same problem, and the #1191 maybe is a way to fix, which is create the directory when the images build (use dockerfile). I'm not suer it is a good way because of the users maybe want to set other customer directory or file persistently, such as project directory, user-data-dir, extensions-dir.
Anyways, the install manual for Docker -v "$PWD:/home/coder/project" \ is not useful unless the images have the /home/coder/project.
During my research, I found the other images linuxserver/code-server,which is referenced in the install manua for Docker for arm32 support. This images is very different from the codercom/code-server, and the important is it has the /config directory, which is ready for the workspace directory ,user-data-dir, extensions-dir, and I can mount these path on the host machine. It is very useful and nice!
Finally, I found that any directory or file which I mount on the container from linuxserver/code-server, it will auto be changed for abc uid and abc gid, which is the default runing user for the container. I think maybe can do something on image buliding for learning this point?
Logs
No response
Screenshot/Video
No response
Does this issue happen in VS Code or GitHub Codespaces?
- [X] I cannot reproduce this in VS Code.
- [X] I cannot reproduce this in GitHub Codespaces.
Are you accessing code-server over HTTPS?
- [X] I am using HTTPS.
Notes
No response
Anyways, the install manual for Docker -v "$PWD:/home/coder/project" \ is not useful unless the images have the /home/coder/project.
Thanks for opening this. So do you think we should remove this from the docs?
I'm not sure if this will mislead users, and there's no way to persist a project directroy on the host machine because of the permission promble.
Ahh okay. Hmm... I don't use code-server via Docker so I'm hesitant to recommend any specific changes. I guess we can leave this open for now until we decide on a solution (suggestions welcome).
Emm, I only see Docker is the best way to use Code-Server because of the file permission promble.
I try to install and use the code-server by the way of install.sh, finally, I can visit (or read) all system files on browser ! I feel that it is not what I want to see, even if I specify that the Code-Server can only write or execute some files or directories.
So, the Docker, which can isolate the system environment, I think it's the recommended way to use Code-Server. ( I guess not only a small number of Code-Server users think so :)
What worked for me is (with inside docker support with sudo):
- create a folder to work in, and
cd <name>into it, - prepare mount folder by
mkdir -p home/.config - Run this command:
docker run \
-it --name code-server \
-p 8080:8080 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$(pwd)/home:/home/coder/" \
-u "$(id -u):$(id -g)" \
-e "DOCKER_USER=$USER" \
codercom/code-server:latest
@yonixw thanks for posting your solution! Do you think we should update the docs?
Just tried it again on a windows machine (WSL2+Docker Desktop) and worked, when before worked on an Ubuntu VM.
So I don't see why not, but I am not that familiar with the the rules here and if it's enough.
Here is the output I experienced (running + getting the password) for reference...
/tmp$ mkdir my-code-server
/tmp$ cd my-code-server/
/tmp/my-code-server$ mkdir -p home/.config
/tmp/my-code-server$ docker run \
> -it --name code-server \
> -p 8080:8080 \
> -v /var/run/docker.sock:/var/run/docker.sock \
> -v "$(pwd)/home:/home/coder/" \
> -u "$(id -u):$(id -g)" \
> -e "DOCKER_USER=$USER" \
> codercom/code-server:latest
Unable to find image 'codercom/code-server:latest' locally
latest: Pulling from codercom/code-server
....
Digest: sha256:b87de935cbd1ec8dcc8b42af53ac37d68236137a02b743563383cb0da31d59d1
Status: Downloaded newer image for codercom/code-server:latest
[2022-08-22T16:43:18.424Z] info Wrote default config file to ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.711Z] info code-server 4.6.0 6d3f9ca6a6df30a1bfad6f073f6fa33c0e63abdb
[2022-08-22T16:43:18.712Z] info Using user-data-dir ~/.local/share/code-server
[2022-08-22T16:43:18.720Z] info Using config file ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.720Z] info HTTP server listening on http://0.0.0.0:8080/
[2022-08-22T16:43:18.720Z] info - Authentication is enabled
[2022-08-22T16:43:18.720Z] info - Using password from ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.720Z] info - Not serving HTTPS
^Ctrl-C
/tmp/my-code-server$ cat home/.config/code-server/config.yaml
bind-addr: 127.0.0.1:8080
auth: password
password: <redacted>
cert: false
``
These comments are probably enough then. If we get another report, we can update the docs. Thanks for your help!