Permission denied when creating a directory inside Docker container.

huangapple
go评论109阅读模式
英文:

Permission denied when creating a directory inside Docker container

问题

User 1000 无权在 Docker 内部创建目录。要解决此错误,可以在 Dockerfile 中更改用户的 UID 和 GID,以便匹配容器中的有效用户。以下是 Dockerfile 的修改部分:

  1. FROM sap.corp:65492/mlimages/infrastructure/multistage-base:0.4.0 AS base
  3. # 添加以下两行来更改 UID 和 GID
  4. ARG USER_UID=1000
  5. ARG USER_GID=1000
  7. WORKDIR /app
  9. COPY config.py requirements.txt /app/
  10. RUN pip install setuptools==57.5.0
  11. RUN pip install -U --no-cache-dir -r requirements.txt
  13. # 更改用户的 UID 和 GID
  14. RUN groupadd --gid $USER_GID nonroot \
  15.     && useradd --uid $USER_UID --gid $USER_GID -m nonroot
  16. USER $USER_UID
  18. COPY --chown=nonroot:nonroot api /app/api
  19. COPY --chown=nonroot:nonroot automation /app/automation
  20. COPY --chown=nonroot:nonroot models /app/models
  21. COPY --chown=nonroot:nonroot stress_test /app/stress_test
  22. COPY --chown=nonroot:nonroot tests /app/tests/
  23. COPY --chown=nonroot:nonroot tools /app/tools
  24. COPY --chown=nonroot:nonroot utils /app/utils
  25. COPY --chown=nonroot:nonroot engine /app/engine
  27. ENV PYTHONPATH /app/
  28. WORKDIR /app/api
  30. CMD [ "python", "main.py"]

这将确保在容器内使用与用户 1000 相同的 UID 和 GID,允许该用户创建目录和文件。这应该解决您在容器内创建目录的权限问题。

英文:

I am trying to create a directory 'data' inside a docker container and extract the contents of another zip file (my model stored in cloud) into this. But I am getting the following error.

  1. File "/app/utils/data_utils.py", line 102, in unzip_file
  2. zipf.extractall(dst_path)
  3. File "/opt/conda/lib/python3.9/zipfile.py", line 1633, in extractall
  4. self._extract_member(zipinfo, path, pwd)
  5. File "/opt/conda/lib/python3.9/zipfile.py", line 1679, in _extract_member
  6. os.makedirs(upperdirs)
  7. File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
  8. makedirs(head, exist_ok=exist_ok)
  9. File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
  10. makedirs(head, exist_ok=exist_ok)
  11. File "/opt/conda/lib/python3.9/os.py", line 215, in makedirs
  12. makedirs(head, exist_ok=exist_ok)
  13. File "/opt/conda/lib/python3.9/os.py", line 225, in makedirs
  14. mkdir(name, mode)
  15. PermissionError: [Errno 13] Permission denied: '/app/data/models'

My dockerfile looks as below

  1. FROM sap.corp:65492/mlimages/infrastructure/multistage-base:0.4.0 AS base
  3. WORKDIR /app
  5. COPY config.py requirements.txt /app/
  6. RUN pip install setuptools==57.5.0
  7. RUN pip install -U --no-cache-dir -r requirements.txt
  9. RUN groupadd --gid 1000 nonroot \
  10.     && useradd --uid 1000 --gid 1000 -m nonroot
  11. USER 1000
  13. COPY --chown=nonroot:nonroot api /app/api
  14. COPY --chown=nonroot:nonroot automation /app/automation
  15. COPY --chown=nonroot:nonroot models /app/models
  16. COPY --chown=nonroot:nonroot stress_test /app/stress_test
  17. COPY --chown=nonroot:nonroot tests /app/tests/
  18. COPY --chown=nonroot:nonroot tools /app/tools
  19. COPY --chown=nonroot:nonroot utils /app/utils
  20. COPY --chown=nonroot:nonroot engine /app/engine
  22. ENV PYTHONPATH /app/
  23. WORKDIR /app/api
  25. CMD [ "python", "main.py"]

The code which basically does the extraction into a newly created folder looks as below

  1. def unzip_file(src_path: str, dst_path: str) -> None:
  2.     """
  3.     Extract zip file in data dir
  4.     Args:
  5.         src_path (str):
  6.         dst_path (str):
  8.     Returns:
  9.         None:
  10.     """
  12.     zipf = zipfile.ZipFile(src_path)
  13.     if zipfile.is_zipfile(src_path):
  14.         if not os.path.exists(dst_path):
  15.             os.makedirs(dst_path, exist_ok=True)
  17.         zipf.extractall(dst_path)
  18.         zipf.close()
  19.     else:
  20.         raise Exception('Not a zipfile')
  22. data_path = data_utils.get_project_root() + '/data/'
  23. data_utils.unzip_file(src_path=model_path, dst_path=data_path)

Even if I create a dummy 'data' folder inside the container, I still get the same error when I try to extract the zip into this created directory.

May I know if user 1000 has permission to create a directory inside docker? If not, how can I change the Dockerfile to resolve the error?

答案1

得分: 2

根据错误消息,在Docker容器内的用户没有必要的权限来创建/app/data/models目录并将zip文件解压到其中。这是因为具有UID 1000(非root)的用户对/app/data目录没有写访问权限。

为解决此问题,您可以通过在Dockerfile中添加更改/app/data目录的所有权和权限来修改它。

  1. USER root
  2. RUN mkdir /app/data && chown -R nonroot:nonroot /app/data
英文:

As per the error message, the user inside the Docker container does not have the necessary permissions to create the /app/data/models directory and extract the zip file into it. This is because the user with UID 1000 (nonroot) does not have write access to the /app/data directory.

To resolve this issue, you can modify your Dockerfile by adding change ownership and permissions of the /app/data directory as below.

  1. USER root
  2. RUN mkdir /app/data && chown -R nonroot:nonroot /app/data

huangapple
  • 本文由 发表于 2023年6月12日 00:44:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/76451500.html
  • docker
  • dockerfile
  • python
  • user-permissions
  • zip
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定