Docker permissions are different when running on CodeBuild
I am using ruby:2.5.1-alpine
for my application's container image. When I run make release
locally, which runs the following commands:
docker-compose build --pull release
docker-compose up --abort-on-container-exit test
The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1
as the host environment I get the following error:
Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.
I checked the git permissions and everything looks kosher:
edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]
I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.
Locally I get:
test_1_4d039799a73c | File permissions for bin/console are
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>
And On the CodeBuild server I get:
File permissions for bin/console are
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>
As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:
RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT
WORKDIR $APP_ROOT
This was part of the issue:
https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769
After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.
·[36mcodebuild_1 |·[0m File permissions for bin/console are
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>
Not sure how to go about debugging this.
ruby amazon-web-services docker aws-codebuild
add a comment |
I am using ruby:2.5.1-alpine
for my application's container image. When I run make release
locally, which runs the following commands:
docker-compose build --pull release
docker-compose up --abort-on-container-exit test
The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1
as the host environment I get the following error:
Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.
I checked the git permissions and everything looks kosher:
edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]
I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.
Locally I get:
test_1_4d039799a73c | File permissions for bin/console are
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>
And On the CodeBuild server I get:
File permissions for bin/console are
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>
As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:
RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT
WORKDIR $APP_ROOT
This was part of the issue:
https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769
After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.
·[36mcodebuild_1 |·[0m File permissions for bin/console are
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>
Not sure how to go about debugging this.
ruby amazon-web-services docker aws-codebuild
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18
add a comment |
I am using ruby:2.5.1-alpine
for my application's container image. When I run make release
locally, which runs the following commands:
docker-compose build --pull release
docker-compose up --abort-on-container-exit test
The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1
as the host environment I get the following error:
Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.
I checked the git permissions and everything looks kosher:
edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]
I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.
Locally I get:
test_1_4d039799a73c | File permissions for bin/console are
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>
And On the CodeBuild server I get:
File permissions for bin/console are
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>
As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:
RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT
WORKDIR $APP_ROOT
This was part of the issue:
https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769
After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.
·[36mcodebuild_1 |·[0m File permissions for bin/console are
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>
Not sure how to go about debugging this.
ruby amazon-web-services docker aws-codebuild
I am using ruby:2.5.1-alpine
for my application's container image. When I run make release
locally, which runs the following commands:
docker-compose build --pull release
docker-compose up --abort-on-container-exit test
The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1
as the host environment I get the following error:
Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.
I checked the git permissions and everything looks kosher:
edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]
I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.
Locally I get:
test_1_4d039799a73c | File permissions for bin/console are
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>
And On the CodeBuild server I get:
File permissions for bin/console are
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>
As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:
RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT
WORKDIR $APP_ROOT
This was part of the issue:
https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769
After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.
·[36mcodebuild_1 |·[0m File permissions for bin/console are
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>
Not sure how to go about debugging this.
ruby amazon-web-services docker aws-codebuild
ruby amazon-web-services docker aws-codebuild
edited Nov 27 '18 at 17:12
Constantine
asked Nov 27 '18 at 14:24
ConstantineConstantine
14639
14639
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18
add a comment |
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53501834%2fdocker-permissions-are-different-when-running-on-codebuild%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53501834%2fdocker-permissions-are-different-when-running-on-codebuild%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container
– Paul
Jan 4 at 13:00
@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.
– Constantine
Jan 25 at 14:34
I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too
– Paul
Jan 27 at 0:18