uwsgi-nginx-docker icon indicating copy to clipboard operation
uwsgi-nginx-docker copied to clipboard
verified publisher icon tiangolo

python3.7 container throwing permission errors

Open minsis opened this issue 5 years ago • 3 comments

I had to rebuild my container with some new code deployment and for some reason its now throwing a permission error trying to copy the nginx.conf file. I dont provide a custom one, nor do I try to run as a non-root user:

/entrypoint.sh: 45: /entrypoint.sh: cannot create /etc/nginx/nginx.conf: Permission denied

Any ideas as to why this might be happening?

minsis avatar Jul 20 '20 16:07 minsis

@minsis are you using on openshift by any chance :)

tuananh avatar Dec 08 '20 08:12 tuananh

I am having the same proble with heroku actually, from what I got, the container is not run as root user, you have to find a way to solve the permission problems.

agaragon avatar Jan 05 '21 21:01 agaragon

@minsis are you using on openshift by any chance :)

lol, my openshift pod is failing to start while if I use oc debug into the pod it runs perfectly. It does took me a while to pinpoint the same error as suggested by this issue. Yes, openshift has some security controls that we have to bypass

Randolph-zeng avatar Feb 25 '21 13:02 Randolph-zeng

Not sure what might be, it seems it could be OpenShift, but I'm not using that, I wouldn't know for sure or how to make OpenShift work.

If you try it with pure Docker, does it work?

Sorry for the long delay! 🙈 I wanted to personally address each issue/PR and they piled up through time, but now I'm checking each one in order.

tiangolo avatar Nov 14 '22 08:11 tiangolo

for openshift, you will have 2 options

  1. add service account that runs this image to anyuid. not recommended.
  2. or update this image to use a nonroot account but in a root group

like this

https://github.com/litmuschaos/litmus/blob/00a29d8ac0d51032ee7a169f427267359836f379/litmus-portal/graphql-server/Dockerfile#L26

or this https://github.com/nginxinc/docker-nginx-unprivileged/pull/10/files

tuananh avatar Nov 14 '22 09:11 tuananh

Thanks for the help @tuananh !

@minsis you can check if that works for you.

Also, have in mind that you probably don't really need this Docker image: https://github.com/tiangolo/uwsgi-nginx-docker#-warning-you-probably-dont-need-this-docker-image

tiangolo avatar Nov 14 '22 22:11 tiangolo

Sorry it's been so long since I've worked with this container, I don't remember much about it or which project I was using it for. I think in the end I just ended up building my own container using the official python container. My usage was strictly docker running on a VM.

minsis avatar Nov 14 '22 23:11 minsis

Cool! In that case, as this is no longer a problem, you can close the issue. 🤓

tiangolo avatar Nov 20 '22 12:11 tiangolo

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.

github-actions[bot] avatar Dec 01 '22 00:12 github-actions[bot]