docker-flask-example icon indicating copy to clipboard operation
docker-flask-example copied to clipboard

Published 20 hours ago verified publisher icon nickjj

Fix UID when copying files

Open marcosnils opened this issue 3 years ago • 5 comments

If the UID in the host is != to the python UID created in the Dockerfile, the entrypoint script fails since the cp command doesn't have permission.

A --uid needs to be added here (https://github.com/nickjj/docker-flask-example/blob/main/Dockerfile#L47) so the id that gets created in the image is the same as the host.

marcosnils avatar Jun 09 '21 19:06 marcosnils

Hi,

Which environment are you running where this is an issue?

So far I've tested this on a bunch of Windows DD, macOS DD and native Linux systems and it's been ok.

Are you running native Linux where your host user isn't 1000:1000? I could see that being an issue, but usually you're in control of being able to set your uid:gid on a native Linux dev box. In production it's usually not an issue since you wouldn't be using volumes, but on a self managed box typically you'd have control over your uid:gid if you did need them for whatever reason.

It's a tricky one to solve because the Node stage has a node user already created by the official image with a hardcoded 1000 for the uid:gid so we'd run into the issue there unless a 2nd user were to be created.

nickjj avatar Jun 09 '21 21:06 nickjj

Are you running native Linux where your host user isn't 1000:1000

Yep. My uid:gid is 1001 in my machine.

I could see that being an issue, but usually you're in control of being able to set your uid:gid on a native Linux dev box or self managed VPS.

Well.. it's not that straight forward, since you have to log-out from that user and change the uid by being root and with no process currently being run by that user.. so it's requires some work.

`hardcoded 1000 for the uid:gid so we'd run into the issue there unless a 2nd user were to be created.

Well.. you can always set the user flag and start the container with that gid even though the user doesn't exist on the system. I recall seeing some docker run -u "$(id -u)" exactly for this permission issue.

marcosnils avatar Jun 10 '21 02:06 marcosnils

What happens if you add this line to the x-app: &default-app list of properties in docker-compose.yml as well as the webpack service in docker-compose.override.yml:

    user: "${UID:-1000}:${GID:-1000}"

Then in your .env file, add these 2 lines:

export UID=1001
export GID=1001

This would bypass having to change the Dockerfile. It's working on my machine here with 1000:1000 and if I change those .env vars to 1001:1001 then I get a permission denied error which makes sense since I don't have a user with 1001 here.

nickjj avatar Jun 10 '21 11:06 nickjj

And potentially even better, if you already have UID and GID available in your shell then you don't need to override the .env file, it should work out of the box. I believe on most Linux systems and shells those env vars should be set?

Can you try in both cases? One where you don't set the custom vars in .env and another case where you do? The shell version should take priority so I guess in theory if it's already set in your shell then whatever you put in .env will get ignored anyways.

nickjj avatar Jun 10 '21 12:06 nickjj

Nope, this doesn't work and it makes sense on why it doesn't work. I tried it out with a 2nd user on my system.

I mean it technically works in the sense permissions would be correct but the containers don't run because package dependencies have been installed with the 1000:1000 user at build time and setting user: "1001:1001" at runtime is much more than adjusting volume permissions. The container is being run as that user who has no knowledge of those dependencies because they've been installed as 1000:1000.

Also in the case of the Node stage in this project, there's an explicit chown in the Dockerfile to ensure the 1000:1000 user has write access to /node_modules, but 1001:1001 won't have write access there so you get permission denied. This happened when Tailwind tried to write a file at runtime to somewhere in /node_modules.

nickjj avatar Jun 10 '21 12:06 nickjj

Hey I know it's been a while but there's a potential fix for this issue in https://github.com/nickjj/docker-flask-example/pull/7.

Can you please try out that PR and let me know how it goes? All you'd have to do before building and upping the project is modify the .env file to use UID=1001 and GID=1001 (there's existing values commented out in the .env.example file). You should be able to build and up the project without permission issues.

nickjj avatar Sep 26 '22 00:09 nickjj

I ended up merging https://github.com/nickjj/docker-flask-example/pull/7 which should fix this.

nickjj avatar Oct 01 '22 13:10 nickjj