micromamba-docker icon indicating copy to clipboard operation
micromamba-docker copied to clipboard
verified publisher icon mamba-org

Cannot install new package due to micromamba user permissions.

Open darkopetrovic opened this issue 1 year ago • 3 comments

Hello,

I encounter some difficulties making micromamba docker image working properly.

I'm using the following Dockerfile:

FROM mambaorg/micromamba:1.5.6
COPY --chown=$MAMBA_USER:$MAMBA_USER env.yml /tmp/env.yml
RUN micromamba install -y -n base -f /tmp/env.yml && \
    micromamba clean --all --yes && \
    micromamba config append channels conda-forge

Then when I try to install a package:

(base) mambauser@3d801c8c358a:/workspaces/adrp$ micromamba install numpy
info     libmamba ****************** Backtrace Start ******************
debug    libmamba Loading configuration
trace    libmamba Compute configurable 'create_base'
trace    libmamba Compute configurable 'no_env'
trace    libmamba Compute configurable 'no_rc'
trace    libmamba Compute configurable 'rc_files'
trace    libmamba Compute configurable 'root_prefix'
trace    libmamba Get RC files configuration from locations up to HomeDir
trace    libmamba Configuration not found at '/home/mambauser/.mambarc'
trace    libmamba Configuration not found at '/home/mambauser/.mamba/mambarc.d'
trace    libmamba Configuration not found at '/home/mambauser/.mamba/mambarc'
trace    libmamba Configuration not found at '/home/mambauser/.mamba/.mambarc'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/mambarc.d'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/mambarc'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/.mambarc'
trace    libmamba Configuration found at '/home/mambauser/.condarc'
trace    libmamba Configuration not found at '/home/mambauser/.conda/condarc.d'
trace    libmamba Configuration not found at '/home/mambauser/.conda/condarc'
trace    libmamba Configuration not found at '/home/mambauser/.conda/.condarc'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/../conda/condarc.d'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/../conda/condarc'
trace    libmamba Configuration not found at '/home/mambauser/.config/mamba/../conda/.condarc'
trace    libmamba Configuration not found at '/opt/conda/.mambarc'
trace    libmamba Configuration not found at '/opt/conda/condarc.d'
trace    libmamba Configuration not found at '/opt/conda/condarc'
trace    libmamba Configuration not found at '/opt/conda/.condarc'
trace    libmamba Configuration not found at '/var/lib/conda/.mambarc'
trace    libmamba Configuration not found at '/var/lib/conda/condarc.d/'
trace    libmamba Configuration not found at '/var/lib/conda/condarc'
trace    libmamba Configuration not found at '/var/lib/conda/.condarc'
trace    libmamba Configuration not found at '/etc/conda/.mambarc'
trace    libmamba Configuration not found at '/etc/conda/condarc.d/'
trace    libmamba Configuration not found at '/etc/conda/condarc'
trace    libmamba Configuration not found at '/etc/conda/.condarc'
trace    libmamba Update configurable 'no_env'
trace    libmamba Compute configurable 'envs_dirs'
trace    libmamba Compute configurable 'file_specs'
trace    libmamba Compute configurable 'spec_file_env_name'
trace    libmamba Compute configurable 'env_name'
trace    libmamba Compute configurable 'use_target_prefix_fallback'
trace    libmamba Compute configurable 'target_prefix'
critical libmamba filesystem error: last_write_time: Permission denied [/opt/conda/conda-meta/history]
info     libmamba ****************** Backtrace End ********************

I do not have the permission to write in the conda folder. The permissions are the following:

(base) mambauser@3d801c8c358a:/workspaces/adrp$ ls -l /opt/conda/conda-meta/
total 3164
-rw-r--r-- 1 57439 57439    1120 Jan  9 22:50 _libgcc_mutex-0.1-conda_forge.json
-rw-r--r-- 1 57439 57439    1485 Jan  9 22:50 _openmp_mutex-4.5-2_gnu.json
-rw-r--r-- 1 57439 57439    9573 Jan  9 22:50 bzip2-1.0.8-hd590300_5.json
-rw-r--r-- 1 57439 57439    1840 Jan  9 22:50 ca-certificates-2023.11.17-hbcca054_0.json
-rw-r--r-- 1 57439 57439    2589 Jan  9 22:50 history
-rw-r--r-- 1 57439 57439    2571 Jan  9 22:50 ld_impl_linux-64-2.40-h41732ed_0.json
-rw-r--r-- 1 57439 57439    5588 Jan  9 22:50 libffi-3.4.2-h7f98852_5.json
-rw-r--r-- 1 57439 57439    6171 Jan  9 22:50 libgcc-ng-13.2.0-h807b86a_3.json
-rw-r--r-- 1 57439 57439    2316 Jan  9 22:50 libgomp-13.2.0-h807b86a_3.json
-rw-r--r-- 1 57439 57439    5239 Jan  9 22:50 libnsl-2.0.1-hd590300_0.json
-rw-r--r-- 1 57439 57439    3332 Jan  9 22:50 libsqlite-3.44.2-h2797004_0.json
-rw-r--r-- 1 57439 57439    3242 Jan  9 22:50 libuuid-2.38.1-h0b41bf4_0.json
-rw-r--r-- 1 57439 57439    7233 Jan  9 22:50 libxcrypt-4.4.36-hd590300_1.json
-rw-r--r-- 1 57439 57439    1858 Jan  9 22:50 libzlib-1.2.13-hd590300_5.json
-rw-r--r-- 1 57439 57439 1078374 Jan  9 22:50 ncurses-6.4-h59595ed_2.json
-rw-r--r-- 1 57439 57439   61971 Jan  9 22:50 openssl-3.2.0-hd590300_1.json
-rw-r--r-- 1 57439 57439  379524 Jan  9 22:50 pip-23.3.2-pyhd8ed1ab_0.json
-rw-r--r-- 1 57439 57439  895596 Jan  9 22:50 python-3.9.18-h0755675_1_cpython.json
-rw-r--r-- 1 57439 57439   10272 Jan  9 22:50 readline-8.2-h8228510_1.json
-rw-r--r-- 1 57439 57439  185602 Jan  9 22:50 setuptools-69.0.3-pyhd8ed1ab_0.json
-rw-r--r-- 1 57439 57439  206935 Jan  9 22:50 tk-8.6.13-noxft_h4845f30_101.json
-rw-r--r-- 1 57439 57439  245458 Jan  9 22:50 tzdata-2023d-h0c530f3_0.json
-rw-r--r-- 1 57439 57439   23634 Jan  9 22:50 wheel-0.42.0-pyhd8ed1ab_0.json
-rw-r--r-- 1 57439 57439   50452 Jan  9 22:50 xz-5.2.6-h166bdaf_0.json

I do understand that the ID of mambauser is 57439 as set by the MAMBA_USER_ID variable, but do not understand why we see the ID number of the user instead of the user's name. Furthermore, why when we run cat /etc/passwd | grep mambauser we see the ID as 1000. Shouldn't be 57439 ?

(base) mambauser@3d801c8c358a:/workspaces/adrp$ cat /etc/passwd | grep mambauser
mambauser:x:1000:1000::/home/mambauser:/bin/bash

Note that when I create an image with:

FROM mambaorg/micromamba:1.5.6

and perform the installation of the environment manually in the docker, everything works properly.

The permissions are correct and I can install new package.

(base) mambauser@3d801c8c358a:/workspaces/adrp$ ls -l /opt/conda/conda-meta/
total 3164
-rw-r--r-- 1 mambauser mambauser    1120 Jan  9 23:05 _libgcc_mutex-0.1-conda_forge.json
-rw-r--r-- 1 mambauser mambauser    1485 Jan  9 23:05 _openmp_mutex-4.5-2_gnu.json
-rw-r--r-- 1 mambauser mambauser    9573 Jan  9 23:05 bzip2-1.0.8-hd590300_5.json
-rw-r--r-- 1 mambauser mambauser    1840 Jan  9 23:05 ca-certificates-2023.11.17-hbcca054_0.json
-rw-r--r-- 1 mambauser mambauser    2593 Jan  9 23:05 history
-rw-r--r-- 1 mambauser mambauser    2571 Jan  9 23:05 ld_impl_linux-64-2.40-h41732ed_0.json
-rw-r--r-- 1 mambauser mambauser    5588 Jan  9 23:05 libffi-3.4.2-h7f98852_5.json
-rw-r--r-- 1 mambauser mambauser    6171 Jan  9 23:05 libgcc-ng-13.2.0-h807b86a_3.json
-rw-r--r-- 1 mambauser mambauser    2316 Jan  9 23:05 libgomp-13.2.0-h807b86a_3.json
-rw-r--r-- 1 mambauser mambauser    5239 Jan  9 23:05 libnsl-2.0.1-hd590300_0.json
-rw-r--r-- 1 mambauser mambauser    3332 Jan  9 23:05 libsqlite-3.44.2-h2797004_0.json
-rw-r--r-- 1 mambauser mambauser    3242 Jan  9 23:05 libuuid-2.38.1-h0b41bf4_0.json
-rw-r--r-- 1 mambauser mambauser    7233 Jan  9 23:05 libxcrypt-4.4.36-hd590300_1.json
-rw-r--r-- 1 mambauser mambauser    1858 Jan  9 23:05 libzlib-1.2.13-hd590300_5.json
-rw-r--r-- 1 mambauser mambauser 1078374 Jan  9 23:05 ncurses-6.4-h59595ed_2.json
-rw-r--r-- 1 mambauser mambauser   61971 Jan  9 23:05 openssl-3.2.0-hd590300_1.json
-rw-r--r-- 1 mambauser mambauser  379524 Jan  9 23:05 pip-23.3.2-pyhd8ed1ab_0.json
-rw-r--r-- 1 mambauser mambauser  895596 Jan  9 23:05 python-3.9.18-h0755675_1_cpython.json
-rw-r--r-- 1 mambauser mambauser   10272 Jan  9 23:05 readline-8.2-h8228510_1.json
-rw-r--r-- 1 mambauser mambauser  185602 Jan  9 23:05 setuptools-69.0.3-pyhd8ed1ab_0.json
-rw-r--r-- 1 mambauser mambauser  206935 Jan  9 23:05 tk-8.6.13-noxft_h4845f30_101.json
-rw-r--r-- 1 mambauser mambauser  245458 Jan  9 23:05 tzdata-2023d-h0c530f3_0.json
-rw-r--r-- 1 mambauser mambauser   23634 Jan  9 23:05 wheel-0.42.0-pyhd8ed1ab_0.json
-rw-r--r-- 1 mambauser mambauser   50452 Jan  9 23:05 xz-5.2.6-h166bdaf_0.json

I'm running Docker Desktop version 4.24.2 (124339) on Windows.

darkopetrovic avatar Jan 09 '24 23:01 darkopetrovic

Using the image dedicated for the devcontainer ghcr.io/mamba-org/micromamba-devcontainer everythings works as expected.

darkopetrovic avatar Jan 09 '24 23:01 darkopetrovic

Hi @darkopetrovic. I do not know why you are getting these results. My best guess is there is something weird or broken with Docker Desktop on Windows. When I am at a Windows computer, I'll see if I can replicate theses results.

I just looked at the Docker Deskop release notes and I don't see anything that seems related, but can you please upgrade to the most recent version of Docker Desktop and see if the behavior changes?

wholtz avatar Jan 10 '24 00:01 wholtz

#445 may contain useful information.

Docker Desktop, on OSX at least, uses a custom mechanism for mapping host files and folders to the virtual machine and then the containers. For instance, Docker Desktop on OSX does not pass a UID < 1000 to the container.

mfhepp avatar Mar 13 '24 09:03 mfhepp