Mounted volumes change permissions to root:nogroup #693

Open
naomiaro opened this issue Mar 3, 2022 · 4 comments

@naomiaro

naomiaro commented Mar 3, 2022

Description

I'm on Big Sur

docker -v
Docker version 20.10.12, build e91ed5707e

Hello, I'm just trying a simple Dockerfile like this:

FROM node:16

RUN mkdir /web && chown node:node /web

WORKDIR /web

COPY --chown=node:node package.json package-lock.json* ./
USER node
RUN npm install --legacy-peer-deps && npm cache clean --force

COPY --chown=node:node . .

EXPOSE 3000

Which has a couple volumes mounted in docker-compose.

volumes:
      - ./react:/web
      - /web/node_modules

If there are no volume mounts, the container is running with files under user:group node:node like expected, but once I mount volumes, these files are having their users and groups changed to root:nogroup.

Docker Desktop mounts the volumes keeping node:node permissions in the container.

Is there any way with Lima to achieve this same behaviour? Thanks.

@brambaud

Same behaviour here.

For instance

$ cat > test.txt
This is a test
^C

$ ls -asl "$(PWD)"
4 -rw-r--r--  1 foo  15 Mar 14 15:57 test.txt

$ docker run --rm -it -v "$(PWD)":/app --user nginx nginx:1.19.1 ls -asl /app
total 4
4 -rw-r--r-- 1 root nogroup 15 Mar 14 14:57 test.txt

Whereas with Docker Desktop:

$ docker run --rm -it -v "$(PWD)":/app --user nginx nginx:1.19.1 ls -asl /app
total 4
4 -rw-r--r-- 1 nginx nginx 15 Mar 14 14:57 test.txt

Versions

MacOS: Monterey

$ limactl --version
limactl version 0.9.1
$ docker --version
Docker version 20.10.13, build a224086349

@Hermsi1337

Hermsi1337 commented Jun 21, 2022

Same problem here.. inside the lima-VM the permissions are the same as on macOS:

# macos

❯ echo $UID $GID
503 20

❯ mdls docker.yaml
kMDItemFSOwnerGroupID                  = 20
kMDItemFSOwnerUserID                   = 503
# limaVM

dhermsmeier@lima-docker:/Users/dhermsmeier/Downloads$ ls -lah
-rw-r--r--  1 dhermsmeier dialout 3.6K Jun 15 06:46  docker.yaml

dhermsmeier@lima-docker:/Users/dhermsmeier/Downloads$ stat docker.yaml
Access: (0644/-rw-r--r--)  Uid: (  503/dhermsmeier)   Gid: (   20/ dialout)

As soon as I mount the files inside a container, the permissions are lost:

dhermsmeier@lima-docker:/Users/dhermsmeier/Downloads$ docker run --entrypoint ash -it --rm -v $(pwd):/app alpine

/app # stat /app/docker.yaml
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (65534/  nobody)

Versions:

❯ limactl --version
limactl version HEAD-de546da

❯ docker --version
Docker version 20.10.17, build 100c70180f

❯ system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 12.4 (21F79)
      Kernel Version: Darwin 21.5.0

@Hermsi1337

Ok, the permission-issue is related to this docker-rootless-thing.

I've recreated my lima-vm with rootful docker and now all permissions are correct.

This is my current vm-spec if you want to try:
https://gist.github.com/Hermsi1337/cae623b87b2070431c63cf0b12b54a8c

NOTE: you have to reboot the vm after creating it; limactl stop -f docker && sleep 5 && limactl start docker

@jshbrntt

jshbrntt commented Feb 7, 2024

> Ok, the permission-issue is related to this docker-rootless-thing.
>
> I've recreated my lima-vm with rootful docker and now all permissions are correct.
>
> This is my current vm-spec if you want to try: https://gist.github.com/Hermsi1337/cae623b87b2070431c63cf0b12b54a8c
>
> NOTE: you have to reboot the vm after creating it; limactl stop -f docker && sleep 5 && limactl start docker

I get this issue with the docker template, I don't think it's anything to do with rootful vs rootless.

It seems the bind mount will only set UID and GID to either 0 or 65565 and nowhere in between.

See the following example.

$ cd /tmp/lima

$ limactl --version
limactl version 0.20.1

$ touch test

$ ls -ln
total 0
-rw-r--r--  1 501  0  0  7 Feb 01:26 test

$ docker run -it --rm -v `pwd`:`pwd` -w `pwd` alpine sh

/tmp/lima # ls -ln
total 0
-rw-r--r--    1 0        65534            0 Feb  7 01:26 test

/tmp/lima # touch test2

/tmp/lima # ls -ln
total 0
-rw-r--r--    1 0        65534            0 Feb  7 01:26 test
-rw-r--r--    1 0        65534            0 Feb  7 01:26 test2

/tmp/lima # exit

$ ls -ln                                               
total 0
-rw-r--r--  1 501  0  0  7 Feb 01:26 test
-rw-r--r--  1 501  0  0  7 Feb 01:26 test2

$ sudo chown 1000:1000 test test2

$ ls -ln
total 0
-rw-r--r--  1 1000  1000  0  7 Feb 01:26 test
-rw-r--r--  1 1000  1000  0  7 Feb 01:26 test2

$ docker run -it --rm -v `pwd`:`pwd` -w `pwd` alpine sh
/tmp/lima # ls -ln
total 0
-rw-r--r--    1 65534    0                0 Feb  7 01:26 test
-rw-r--r--    1 65534    0                0 Feb  7 01:26 test2
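
The ownership values in the last comment (501:0 shown as 0:65534, then 1000:1000 shown as 65534:0) are consistent with a user-namespace ID map, so this added example, which is not from the issue thread or the Lima project, replays them through constructed `uid_map`/`gid_map` rows. The map contents and the helper names `map_id` and `show_owner` are assumptions for illustration.

```sh
#!/bin/sh
# Added example: how a user namespace decides which owner a bind-mounted file shows.
# Each row of /proc/<pid>/uid_map (or gid_map) is "inside outside count".
# An ID that no row covers is displayed as the kernel overflow ID, 65534 by
# default (/proc/sys/kernel/overflowuid, /proc/sys/kernel/overflowgid).
OVERFLOW_ID=65534

# Constructed maps (assumption, not taken from the thread): the rootless daemon
# runs as UID 501 with primary GID 1000, plus a subordinate range at 100000.
UID_MAP='0 501 1
1 100000 65536'
GID_MAP='0 1000 1
1 100000 65536'

# map_id OUTSIDE_ID MAP_TEXT -> prints the ID as seen inside the namespace
map_id() {
    printf '%s\n' "$2" | awk -v id="$1" -v overflow="$OVERFLOW_ID" '
        NF == 3 && id + 0 >= $2 + 0 && id + 0 < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { if (!found) print overflow }'
}

# show_owner UID GID -> prints "uid:gid" as a container process would see them
show_owner() {
    printf '%s:%s\n' "$(map_id "$1" "$UID_MAP")" "$(map_id "$2" "$GID_MAP")"
}

show_owner 501 0          # file owned 501:0 in the VM
show_owner 1000 1000      # same file after chown 1000:1000
show_owner 100999 100999  # an ID inside the subordinate range
```

To compare with a live setup, `docker run --rm alpine cat /proc/self/uid_map` prints the rows a container actually runs under, and `docker info` lists `rootless` under Security Options when the daemon is rootless.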
