Docker permissions are different when running on CodeBuild

I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:

docker-compose build --pull release

docker-compose up --abort-on-container-exit test

The test stage runs the migrations, linter and specs. It runs without an issues. When I run the same exact command on CodeBuild which is using a aws/codebuild/ruby:2.5.1 as the host environment I get the following error:

Running RuboCop...

Inspecting 82 files

.................................................................................W

 Offenses:

 bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.

I checked the git permissions and everything looks kosher:

edit [...master ] git ls-tree HEAD bin/

100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af    bin/console

100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d    bin/run

100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764    bin/setup

edit [...master ]

I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.

Locally I get:

test_1_4d039799a73c | File permissions for bin/console are 

#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>

And On the CodeBuild server I get:

File permissions for bin/console are 

#<File::Stat  ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>

As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:

RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app

RUN chown -R app:app $APP_ROOT



WORKDIR $APP_ROOT

This was part of the issue:

https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769

After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.

 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 

 #<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>

Not sure how to go about debugging this.

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00

@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34

I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18

add a comment |

I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:

docker-compose build --pull release

docker-compose up --abort-on-container-exit test

Running RuboCop...

Inspecting 82 files

.................................................................................W

 Offenses:

 bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.

I checked the git permissions and everything looks kosher:

edit [...master ] git ls-tree HEAD bin/

100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af    bin/console

100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d    bin/run

100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764    bin/setup

edit [...master ]

I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.

Locally I get:

test_1_4d039799a73c | File permissions for bin/console are 

#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>

And On the CodeBuild server I get:

File permissions for bin/console are 

#<File::Stat  ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>

As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:

RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app

RUN chown -R app:app $APP_ROOT



WORKDIR $APP_ROOT

This was part of the issue:

https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769

After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.

 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 

 #<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>

Not sure how to go about debugging this.

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00

@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34

I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18

add a comment |

I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:

docker-compose build --pull release

docker-compose up --abort-on-container-exit test

Running RuboCop...

Inspecting 82 files

.................................................................................W

 Offenses:

 bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.

I checked the git permissions and everything looks kosher:

edit [...master ] git ls-tree HEAD bin/

100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af    bin/console

100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d    bin/run

100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764    bin/setup

edit [...master ]

I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.

Locally I get:

test_1_4d039799a73c | File permissions for bin/console are 

#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>

And On the CodeBuild server I get:

File permissions for bin/console are 

#<File::Stat  ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>

As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:

RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app

RUN chown -R app:app $APP_ROOT



WORKDIR $APP_ROOT

This was part of the issue:

https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769

After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.

 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 

 #<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>

Not sure how to go about debugging this.

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

I am using ruby:2.5.1-alpine for my application's container image. When I run make release locally, which runs the following commands:

docker-compose build --pull release

docker-compose up --abort-on-container-exit test

Running RuboCop...

Inspecting 82 files

.................................................................................W

 Offenses:

 bin/console:1:1: W: Lint/ScriptPermission: Script file console doesn't have execute permission.

I checked the git permissions and everything looks kosher:

edit [...master ] git ls-tree HEAD bin/

100755 blob ad9a02fe6ed489beb105295de771cab5fa87a6af    bin/console

100755 blob 9d87e9579b9c16c42d65301e8540888e044ba25d    bin/run

100755 blob cf5febb7c6dd34aebdb862792fa147d06a9c5764    bin/setup

edit [...master ]

I added a debug statement to see what the permissions are at the time of the tests running and here is where it diverges.

Locally I get:

test_1_4d039799a73c | File permissions for bin/console are 

#<File::Stat ino=10432530, **mode=0100755**, nlink=1, uid=1000, gid=1000,...>

And On the CodeBuild server I get:

File permissions for bin/console are 

#<File::Stat  ino=525319, **mode=0100666**, nlink=1, uid=0, gid=0, ...>

As I pasted the above I also noticed that the UID and the GID are different. So it looks like the permissions are not being set correctly:

RUN addgroup -g 1000 app && adduser -u 1000 -G app -D app

RUN chown -R app:app $APP_ROOT



WORKDIR $APP_ROOT

This was part of the issue:

https://forums.docker.com/t/not-able-to-change-permissions-for-files-and-folders-created-on-mounted-volumes/45769

After removing the volume for the stage that runs on CodeBuild the mid and gig are correct but the permissions themselves are still off.

 ·[36mcodebuild_1 |·[0m File permissions for bin/console are 

 #<File::Stat ino=2755035, mode=0100666, nlink=1, uid=1000, gid=1000...>

Not sure how to go about debugging this.

ruby amazon-web-services docker aws-codebuild

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

edited Nov 27 '18 at 17:12

asked Nov 27 '18 at 14:24

Constantine

14639

asked Nov 27 '18 at 14:24

Constantine

14639

asked Nov 27 '18 at 14:24

Constantine

14639

Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00

@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34

I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18

add a comment |

Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00

@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34

I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18

Did you end up finding a solution for this? I'm running into a similar issue when trying to mount a locally created directory through docker compose and get denied permission to write to it from the container

– Paul
Jan 4 at 13:00

@Paul unfortunately no. The file was not critical to my application so I wound up removing it. It is driving me crazy so if you do find an answer can you please post it here if you don;'t mind.

– Constantine
Jan 25 at 14:34

I myself found a work around and ended up copying all the files I needed from the container after the job had finished running and the container was stopped using docker cp. Not sure that's something that would solve your problem too

– Paul
Jan 27 at 0:18

add a comment |

0

active

oldest

votes

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53501834%2fdocker-permissions-are-different-when-running-on-codebuild%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Btukfyl