Docker permissions are different when running on CodeBuild












2















I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:



docker-compose build --pull release
docker-compose up --abort-on-container-exit test


The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1 as the host environment I get the following error:



Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.


I checked the git permissions and everything looks kosher:



edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]


I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.



Locally I get:



test_1_4d039799a73c | File permissions for bin/console are 
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>


And On the CodeBuild server I get:



File permissions for bin/console are 
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>


As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:



RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT

WORKDIR $APP_ROOT


This was part of the issue:



https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769



After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.



 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>


Not sure how to go about debugging this.










share|improve this question

























  • Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

    – Paul
    Jan 4 at 13:00











  • @Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

    – Constantine
    Jan 25 at 14:34











  • I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

    – Paul
    Jan 27 at 0:18
















2















I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:



docker-compose build --pull release
docker-compose up --abort-on-container-exit test


The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1 as the host environment I get the following error:



Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.


I checked the git permissions and everything looks kosher:



edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]


I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.



Locally I get:



test_1_4d039799a73c | File permissions for bin/console are 
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>


And On the CodeBuild server I get:



File permissions for bin/console are 
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>


As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:



RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT

WORKDIR $APP_ROOT


This was part of the issue:



https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769



After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.



 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>


Not sure how to go about debugging this.










share|improve this question

























  • Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

    – Paul
    Jan 4 at 13:00











  • @Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

    – Constantine
    Jan 25 at 14:34











  • I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

    – Paul
    Jan 27 at 0:18














2












2








2


1






I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:



docker-compose build --pull release
docker-compose up --abort-on-container-exit test


The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1 as the host environment I get the following error:



Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.


I checked the git permissions and everything looks kosher:



edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]


I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.



Locally I get:



test_1_4d039799a73c | File permissions for bin/console are 
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>


And On the CodeBuild server I get:



File permissions for bin/console are 
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>


As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:



RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT

WORKDIR $APP_ROOT


This was part of the issue:



https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769



After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.



 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>


Not sure how to go about debugging this.










share|improve this question
















I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:



docker-compose build --pull release
docker-compose up --abort-on-container-exit test


The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1 as the host environment I get the following error:



Running RuboCop...
Inspecting 82 files
.................................................................................W
Offenses:
bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.


I checked the git permissions and everything looks kosher:



edit [...master ] git ls-tree HEAD bin/
100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af bin/console
100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d bin/run
100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764 bin/setup
edit [...master ]


I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.



Locally I get:



test_1_4d039799a73c | File permissions for bin/console are 
#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>


And On the CodeBuild server I get:



File permissions for bin/console are 
#<File::Stat ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>


As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:



RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app
RUN chown -R app:app $APP_ROOT

WORKDIR $APP_ROOT


This was part of the issue:



https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769



After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.



 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 
#<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>


Not sure how to go about debugging this.







ruby amazon-web-services docker aws-codebuild






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 27 '18 at 17:12







Constantine

















asked Nov 27 '18 at 14:24









ConstantineConstantine

14639




14639













  • Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

    – Paul
    Jan 4 at 13:00











  • @Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

    – Constantine
    Jan 25 at 14:34











  • I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

    – Paul
    Jan 27 at 0:18



















  • Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

    – Paul
    Jan 4 at 13:00











  • @Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

    – Constantine
    Jan 25 at 14:34











  • I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

    – Paul
    Jan 27 at 0:18

















Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00





Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00













@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34





@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34













I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18





I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53501834%2fdocker-permissions-are-different-when-running-on-codebuild%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53501834%2fdocker-permissions-are-different-when-running-on-codebuild%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

Calculate evaluation metrics using cross_val_predict sklearn

Insert data from modal to MySQL (multiple modal on website)