Permission denied when creating a directory inside Docker container

I am trying to create a directory 'data' inside a docker container and extract the contents of another zip file (my model stored in cloud) into this. But I am getting the following error.

File "/app/utils/data_utils.py", line 102, in unzip_file
zipf.extractall(dst_path)
File "/opt/conda/lib/python3.9/zipfile.py", line 1633, in extractall
self._extract_member(zipinfo, path, pwd)
File "/opt/conda/lib/python3.9/zipfile.py", line 1679, in _extract_member
os.makedirs(upperdirs)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 225, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/app/data/models'

My dockerfile looks as below

FROM sap.corp:65492/mlimages/infrastructure/multistage-base:0.4.0 AS base

WORKDIR /app

COPY config.py requirements.txt /app/
RUN pip install setuptools==57.5.0
RUN pip install -U --no-cache-dir -r requirements.txt

RUN groupadd --gid 1000 nonroot \
    && useradd --uid 1000 --gid 1000 -m nonroot
USER 1000

COPY --chown=nonroot:nonroot api /app/api
COPY --chown=nonroot:nonroot automation /app/automation
COPY --chown=nonroot:nonroot models /app/models
COPY --chown=nonroot:nonroot stress_test /app/stress_test
COPY --chown=nonroot:nonroot tests /app/tests/
COPY --chown=nonroot:nonroot tools /app/tools
COPY --chown=nonroot:nonroot utils /app/utils
COPY --chown=nonroot:nonroot engine /app/engine

ENV PYTHONPATH /app/
WORKDIR /app/api

CMD [ "python", "main.py"]

The code which basically does the extraction into a newly created folder looks as below

def unzip_file(src_path: str, dst_path: str) -> None:
    """
    Extract zip file in data dir
    Args:
        src_path (str):
        dst_path (str):

    Returns:
        None:
    """

    zipf = zipfile.ZipFile(src_path)
    if zipfile.is_zipfile(src_path):
        if not os.path.exists(dst_path):
            os.makedirs(dst_path, exist_ok=True)

        zipf.extractall(dst_path)
        zipf.close()
    else:
        raise Exception('Not a zipfile')

data_path = data_utils.get_project_root() + '/data/'
data_utils.unzip_file(src_path=model_path, dst_path=data_path)

Even if I create a dummy 'data' folder inside the container, I still get the same error when I try to extract the zip into this created directory.

May I know if user 1000 has permission to create a directory inside docker? If not, how can I change the Dockerfile to resolve the error?

As per the error message, the user inside the Docker container does not have the necessary permissions to create the /app/data/models directory and extract the zip file into it. This is because the user with UID 1000 (nonroot) does not have write access to the /app/data directory.

To resolve this issue, you can modify your Dockerfile by adding change ownership and permissions of the /app/data directory as below.

USER root
RUN mkdir /app/data && chown -R nonroot:nonroot /app/data