Permission denied when creating a directory inside Docker container.

huangapple go评论79阅读模式
英文:

Permission denied when creating a directory inside Docker container

问题

User 1000 无权在 Docker 内部创建目录。要解决此错误,可以在 Dockerfile 中更改用户的 UID 和 GID,以便匹配容器中的有效用户。以下是 Dockerfile 的修改部分:

FROM sap.corp:65492/mlimages/infrastructure/multistage-base:0.4.0 AS base

# 添加以下两行来更改 UID 和 GID
ARG USER_UID=1000
ARG USER_GID=1000

WORKDIR /app

COPY config.py requirements.txt /app/
RUN pip install setuptools==57.5.0
RUN pip install -U --no-cache-dir -r requirements.txt

# 更改用户的 UID 和 GID
RUN groupadd --gid $USER_GID nonroot \
    && useradd --uid $USER_UID --gid $USER_GID -m nonroot
USER $USER_UID

COPY --chown=nonroot:nonroot api /app/api
COPY --chown=nonroot:nonroot automation /app/automation
COPY --chown=nonroot:nonroot models /app/models
COPY --chown=nonroot:nonroot stress_test /app/stress_test
COPY --chown=nonroot:nonroot tests /app/tests/
COPY --chown=nonroot:nonroot tools /app/tools
COPY --chown=nonroot:nonroot utils /app/utils
COPY --chown=nonroot:nonroot engine /app/engine

ENV PYTHONPATH /app/
WORKDIR /app/api

CMD [ "python", "main.py"]

这将确保在容器内使用与用户 1000 相同的 UID 和 GID,允许该用户创建目录和文件。这应该解决您在容器内创建目录的权限问题。

英文:

I am trying to create a directory 'data' inside a docker container and extract the contents of another zip file (my model stored in cloud) into this. But I am getting the following error.

File "/app/utils/data_utils.py", line 102, in unzip_file
zipf.extractall(dst_path)
File "/opt/conda/lib/python3.9/zipfile.py", line 1633, in extractall
self._extract_member(zipinfo, path, pwd)
File "/opt/conda/lib/python3.9/zipfile.py", line 1679, in _extract_member
os.makedirs(upperdirs)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/opt/conda/lib/python3.9/os.py", line 225, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/app/data/models'

My dockerfile looks as below

FROM sap.corp:65492/mlimages/infrastructure/multistage-base:0.4.0 AS base

WORKDIR /app

COPY config.py requirements.txt /app/
RUN pip install setuptools==57.5.0
RUN pip install -U --no-cache-dir -r requirements.txt

RUN groupadd --gid 1000 nonroot \
    && useradd --uid 1000 --gid 1000 -m nonroot
USER 1000

COPY --chown=nonroot:nonroot api /app/api
COPY --chown=nonroot:nonroot automation /app/automation
COPY --chown=nonroot:nonroot models /app/models
COPY --chown=nonroot:nonroot stress_test /app/stress_test
COPY --chown=nonroot:nonroot tests /app/tests/
COPY --chown=nonroot:nonroot tools /app/tools
COPY --chown=nonroot:nonroot utils /app/utils
COPY --chown=nonroot:nonroot engine /app/engine

ENV PYTHONPATH /app/
WORKDIR /app/api

CMD [ "python", "main.py"]

The code which basically does the extraction into a newly created folder looks as below

def unzip_file(src_path: str, dst_path: str) -> None:
    """
    Extract zip file in data dir
    Args:
        src_path (str):
        dst_path (str):

    Returns:
        None:
    """

    zipf = zipfile.ZipFile(src_path)
    if zipfile.is_zipfile(src_path):
        if not os.path.exists(dst_path):
            os.makedirs(dst_path, exist_ok=True)

        zipf.extractall(dst_path)
        zipf.close()
    else:
        raise Exception('Not a zipfile')

data_path = data_utils.get_project_root() + '/data/'
data_utils.unzip_file(src_path=model_path, dst_path=data_path)

Even if I create a dummy 'data' folder inside the container, I still get the same error when I try to extract the zip into this created directory.

May I know if user 1000 has permission to create a directory inside docker? If not, how can I change the Dockerfile to resolve the error?

答案1

得分: 2

根据错误消息,在Docker容器内的用户没有必要的权限来创建/app/data/models目录并将zip文件解压到其中。这是因为具有UID 1000(非root)的用户对/app/data目录没有写访问权限。

为解决此问题,您可以通过在Dockerfile中添加更改/app/data目录的所有权和权限来修改它。

USER root
RUN mkdir /app/data && chown -R nonroot:nonroot /app/data
英文:

As per the error message, the user inside the Docker container does not have the necessary permissions to create the /app/data/models directory and extract the zip file into it. This is because the user with UID 1000 (nonroot) does not have write access to the /app/data directory.

To resolve this issue, you can modify your Dockerfile by adding change ownership and permissions of the /app/data directory as below.

USER root
RUN mkdir /app/data && chown -R nonroot:nonroot /app/data

huangapple
  • 本文由 发表于 2023年6月12日 00:44:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/76451500.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定