server
server copied to clipboard
hashtopolis
DevContainer vscode has no permission to create .vscode-server directory
My WSL2 System is broken somehow which is why i have to use the Hyper-V backend for Docker so this could be the issue here. However, with the current docker-compose.yml configuration my vscode has no permission to create the .vscode-server folder in /var/www/:
[2022-06-08T00:20:20.015Z] mkdir: cannot create directory '/var/www/.vscode-server': Permission denied
I can however get a container running by using the following addition. I then get a The terminal process "/usr/sbin/nologin" failed to launch (exit code: 1). error, however weirdly i can then work in the devcontainer 😅 .
# hashtopolis service configuration
# ...
ports:
- "8080:80"
environment: # This is new
HOME: "/tmp"
# ...
The The terminal process "/usr/sbin/nologin" failed to launch (exit code: 1). is a bit weird, I have it from time to time aswell. The www-data user has this as default terminal, for some reason vscode sometimes ignores the .vscode config file starting the from terminal.
Regarding your permission problem, could you provide some more detailed information on which platform, which tools and the flow how you start it? Maybe post your detailed log from vscode?
Yeah i also have this just from time to time and when i get it, it usually just works haha.
Here is the log output i get from vscode after the permission denied error: log gist. Currently i'm on my working laptop which runs the WSL2 based Docker Engine, so this seems to be a general error (maybe because i'm using windows as an OS?).
Oh sorry i forgot to mention my OS, etc.:
OS: Windows 10 Enterprise OS Version: 21H2 OS Build: 19044.1645 Docker Desktop 4.8.2 (79419) with WSL2 Engine (on working Laptop) and with Hyper-V Backend (personal PC) IDE: Visual Studio Code 1.67.2
Starting Flow:
As you can see, i just commented out the DEV_CONTAINER_USER_CMD lines. The rest is the same as usual.
Thanks for sharing. The only difference I see is that I run docker with WSL2. I also tested the dev container with Linux (Ubuntu) and Mac as a host; they work as expected.
The weird thing is that during build the user should be root, but during run time the user should be www-data, which should have access to the /var/www folder (as it is the home folder of the user):
$ ls -alh /var/www
total 44K
drwxr-xr-x 1 www-data www-data 4.0K Jun 8 11:49 .
drwxr-xr-x 1 root root 4.0K Jun 7 13:46 ..
Thus the error doesn't make sense to me.
Could you figure out which user the container runs as? Maybe you have set something somewhere to change the default remote user?
Another suggestion: maybe you can overwrite the remote using in the devcontainer.json file by adding the following line?
"remoteUser": "www-data",
If the user is correct, maybe you can try to list the permissions of /var/www inside the container?
Well, i have the same Issue on Hyper-V Backend as well as on the WSL2 Backend :).
It seems that the installation of everything takes place as root, which is why my /var/www folders ownership is root:root:
www-data@f46d1e52faec:/var/www$ ls -la
total 8
drwxr-xr-x 1 root root 4096 May 28 08:09 .
drwxr-xr-x 1 root root 4096 Jun 10 11:46 ..
drwxrwxrwx 1 root root 4096 Jun 8 10:10 html
vscode then tries to install a few files inside that folder with the remoteUser, so www-data. Since vscode therefore has no permission to do so, it fails.
In the Dockerfile i changed Line 49 to be:
RUN chown -R www-data:www-data /var/www
Which, after rebuilding the hashtopolis container, lets me connect without setting the home directory to /tmp and gives me the following permission list:
www-data@899e5bcc6132:~$ ls -la
total 24
drwxr-xr-x 1 www-data www-data 4096 Jun 10 11:55 .
drwxr-xr-x 1 root root 4096 Jun 10 11:55 ..
-rw-r--r-- 1 www-data www-data 456 Jun 10 11:55 .gitconfig
drwxr-xr-x 2 www-data www-data 4096 Jun 10 11:55 .ssh
drwxr-xr-x 6 www-data www-data 4096 Jun 10 11:55 .vscode-server
drwxrwxrwx 1 root root 4096 Jun 8 10:10 html
Is there maybe a more elegant way of fixing this? This feels like a workaround somehow.
Also it seems like the error of nologin is actuallly meant to be. See this Stackoverflow solution about the purpose of nologin: In /etc/passwd, the user www-data is set to the /usr/sbin/nologin executable, which in theory should immediately disconnect the user from the shell. However the devcontainer.json might prevent this by setting the bash shell as the shell of choice via vscode settings for the devcontainer connection. Actually, if you manually exec into the container, you will be root and won't be able to su www-data because of this.
@robinduerhager could you confirm it is fixed in 48202f5706d4d59ab6400c20854f4fe218f6b029 bug/784 ?
I can confirm, that i can now start the devcontainer after removing the old ones from my docker environment. However i now get a permission error when i want to save a file.
Also tried to modify the file through nano in case this is a vscode specific error, but also got a permission error there.
That is interesting, for me it work; but I indeed see that the /var/www/html folder is owned correctly by vscode; but apache probably messed up the permissions for the src/ folder. For some reason I am stable able to save files, but the might depend on the way the mount is created per OS.
I think I solved everything. Could you test it? https://github.com/hashtopolis/server/pull/790
Please make sure you delete all containers, volumes, and images related to vscode and hashtopolis. I was able to reproduce the bug that you showed above, this happened when I didn't delete everything (I think specifically the vscode volume, but just make sure you clean up everything when testing).
I can confirm this fixes the issue on my end :). Thank you very much!