kamal
kamal copied to clipboard
basecamp
Wrong permissions on volumes
Hey! There are problem with permissions in kamal. I've added volume
ssh:
user: alec
####################
volumes:
- ./storage:/rails/public/uploads:rw
in my deploy.yml file and got a problem with permissions:
As you see - I've configured kamal to use user alec, but volume was created by/for root. It cause problems like this:
Alex, this is now a problem of Kamal. You cannot change permissions of the volume, while mounting it. All available options can be found here: https://docs.docker.com/storage/volumes/.
Maybe you are missing chown command in your Dockerfile RUN chown rails:rails /rails.
Maybe you are missing chown command in your Dockerfile RUN chown rails:rails /rails.
@igor-alexandrov nope :( I've fixed this issue by another way:
$ mkdir ./storage
$ chown -R alec:alec ./storage
anyway - it is a workaround, I think storage directory should be created automatically with setup command and owner should be set as a deploy-user from deploy.yml
Maybe I didn't got you right. Are you talking about incorrect permissions on the host machine or in the image?
@igor-alexandrov on the host machine. I think this issue is connected with #898 because of the similar symptoms. /letsencrypt and storage folders were created with incorrect owner (root instead of alec in my case)
Ok, I was wrong in my initial answer.
I am not sure that this is a responsibility of Kamal to make sure that the volume exists on the host machine. @djmb what do you think? I make a PR if you will decide to go with it.
Alex, this is now a problem of Kamal. You cannot change permissions of the volume, while mounting it. All available options can be found here: https://docs.docker.com/storage/volumes/.
Maybe you are missing chown command in your Dockerfile
RUN chown rails:rails /rails.
I can confirm this worked for me. I had a similar problem working just with a root user. Rails errored with Errno::EACCES: Permission denied @ rb_sysopen after trying to write to a custom directory. The Dockerfile already lists a few directories which set rails as the owner instead of root.
chown -R rails:rails db log storage tmp. By appending the directory to this list the owner is set to rails. Make sure to redeploy after amending the Dockerfile.
I'm not a Docker expert - hopefully there are some around - but I think this is when you are using any other than the first user on the OS.
I believe the default Dockerfile from Rails changes permissions to UID/GID 1000 which by default is root on the host and rails in the container.
Just came across this piece of documentation from a different OSS project: https://github.com/tomsquest/docker-radicale?tab=readme-ov-file#custom-usergroup-id-for-the-data-volume
You will certainly mount a volume to keep Radicale data between restart/upgrade of the container. But sharing files from the host and the container can be problematic. The reason is that radicale user in the container does not match the user running the container on the host.
To solve this, this image offers four options (see below for details):
Option 0: Do nothing, permission will be fixed by the container itself Option 1: Create a user/group with id 2999 on the host Option 2: Force the user/group ids on docker run Option 3: Build the image with a custom user/group
Hope this helps.
Also I solved this by using native docker volumes, e.g:
volumes:
- volume_name_not_a_path:/rails/storage
instead of:
volumes:
- ./storage:/rails/public/uploads:rw
This happens when the volumes are not created. Still not being the responsibility of Kamal to create them, it would be nice at least to try to be created as the configured user (if any), and if failed, elevate to root.
In my case, I solved by chown the folder with 1000 user id.
Where user id for someuser is 1000
chown -R someuser:someuser /root/my_uploads
Where on config/deploy.rb
volumes:
- "/root/my_uploads:/rails/public/uploads"
