docker-flask-example
docker-flask-example copied to clipboard
Fix UID when copying files
If the UID in the host is != to the python UID created in the Dockerfile, the entrypoint script fails since the cp
command doesn't have permission.
A --uid
needs to be added here (https://github.com/nickjj/docker-flask-example/blob/main/Dockerfile#L47) so the id that gets created in the image is the same as the host.
Hi,
Which environment are you running where this is an issue?
So far I've tested this on a bunch of Windows DD, macOS DD and native Linux systems and it's been ok.
Are you running native Linux where your host user isn't 1000:1000
? I could see that being an issue, but usually you're in control of being able to set your uid:gid
on a native Linux dev box. In production it's usually not an issue since you wouldn't be using volumes, but on a self managed box typically you'd have control over your uid:gid
if you did need them for whatever reason.
It's a tricky one to solve because the Node stage has a node
user already created by the official image with a hardcoded 1000
for the uid:gid
so we'd run into the issue there unless a 2nd user were to be created.
Are you running native Linux where your host user isn't
1000:1000
Yep. My uid:gid
is 1001 in my machine.
I could see that being an issue, but usually you're in control of being able to set your
uid:gid
on a native Linux dev box or self managed VPS.
Well.. it's not that straight forward, since you have to log-out from that user and change the uid
by being root and with no process currently being run by that user.. so it's requires some work.
`hardcoded 1000 for the uid:gid so we'd run into the issue there unless a 2nd user were to be created.
Well.. you can always set the user
flag and start the container with that gid
even though the user doesn't exist on the system. I recall seeing some docker run -u "$(id -u)"
exactly for this permission issue.
What happens if you add this line to the x-app: &default-app
list of properties in docker-compose.yml
as well as the webpack
service in docker-compose.override.yml
:
user: "${UID:-1000}:${GID:-1000}"
Then in your .env
file, add these 2 lines:
export UID=1001
export GID=1001
This would bypass having to change the Dockerfile
. It's working on my machine here with 1000:1000
and if I change those .env
vars to 1001:1001
then I get a permission denied error which makes sense since I don't have a user with 1001 here.
And potentially even better, if you already have UID
and GID
available in your shell then you don't need to override the .env
file, it should work out of the box. I believe on most Linux systems and shells those env vars should be set?
Can you try in both cases? One where you don't set the custom vars in .env
and another case where you do? The shell version should take priority so I guess in theory if it's already set in your shell then whatever you put in .env
will get ignored anyways.
Nope, this doesn't work and it makes sense on why it doesn't work. I tried it out with a 2nd user on my system.
I mean it technically works in the sense permissions would be correct but the containers don't run because package dependencies have been installed with the 1000:1000
user at build time and setting user: "1001:1001"
at runtime is much more than adjusting volume permissions. The container is being run as that user who has no knowledge of those dependencies because they've been installed as 1000:1000
.
Also in the case of the Node stage in this project, there's an explicit chown
in the Dockerfile
to ensure the 1000:1000
user has write access to /node_modules
, but 1001:1001
won't have write access there so you get permission denied. This happened when Tailwind tried to write a file at runtime to somewhere in /node_modules
.
Hey I know it's been a while but there's a potential fix for this issue in https://github.com/nickjj/docker-flask-example/pull/7.
Can you please try out that PR and let me know how it goes? All you'd have to do before building and upping the project is modify the .env
file to use UID=1001
and GID=1001
(there's existing values commented out in the .env.example
file). You should be able to build and up the project without permission issues.
I ended up merging https://github.com/nickjj/docker-flask-example/pull/7 which should fix this.