Docker-node: Permission Denied for User

Created on 8 Dec 2016  路  7Comments  路  Source: nodejs/docker-node

I am trying to dockerize a node application that I am developing. In that application's package.json, I have an npm command that sets up some environment variables for me before creating a production server:

{
    "prod": "./path/to/prod.sh"
}

The contents of that production script are simple:

#!/bin/bash

source path/to/env.sh prod
node app.js

Unfortunately, when I launch my container with with CMD ["npm", "run", "prod"] with the node user created FROM node:4.6.2, I eventually get the following error:

npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info preprod [email protected]
npm info prod [email protected]

> [email protected] prod /usr/local/app
> ./path/to/prod.sh

...

npm ERR! Tell the author that this fails on your system:
npm ERR!     ./path/to/prod.sh

I don't understand why this could be happening. The executable bit is set on all of the scripts that I reference (I've checked plenty of times). The only thing I can think of is that the node user cannot execute bash scripts.

Is this possible? If so, is there a possible fix that I can add to my Dockerfile to allow script execution?

picture nmagerko

Most helpful comment

Although I do see that --create-home is run in the node:4.6.2 Dockerfile, so I'm a bit confused there as well 馃槵

picture nmagerko on 8 Dec 2016
1 🎉1 👍1

All 7 comments

Are you able to put your Dockerfile content here? I have a feeling that it's just not finding the script file. Might be an issue in the way the file is copied or mounted in

LaurentGoderre picture LaurentGoderre on 8 Dec 2016

@LaurentGoderre I ran an interactive session and verified that I could run the script via npm run as sudo, but I cannot run the script via npm run when I su node and then try running it. I can still post my Dockerfile if that'd be helpful:

FROM node:4.6.2

# ports
EXPOSE 8080

# set the working directory
RUN  mkdir /usr/local/app
WORKDIR /usr/local/app

# install dependencies
COPY ./package.json ./package.json
RUN  npm install

# copy the the app into the container
COPY . .

# launch the app
CMD  ["npm", "run", "prod"]
nmagerko picture nmagerko on 8 Dec 2016

Shouldn't it be?

FROM node:4.6.2

# ports
EXPOSE 8080

# set the working directory
RUN  mkdir /usr/local/app
WORKDIR /usr/local/app

# install dependencies
COPY ./package.json /home/node/package.json
RUN  npm install

# copy the the app into the container
COPY . /home/node/

# launch the app
CMD  ["npm", "run", "prod"]
LaurentGoderre picture LaurentGoderre on 8 Dec 2016

I'm a bit confused. Are there supposed to be home folders in these Docker images? The image appears not to, but I wouldn't expect that either. Running COPY ./package.json /home/node/package.json for example will result in an error, since node has no home folder.

Again, I'm more convinced that the node user is lacking permissions for something I'm trying to do. Anyone should be able to execute from /usr/local, otherwise we couldn't access /usr/local/bin, right?

nmagerko picture nmagerko on 8 Dec 2016

Although I do see that --create-home is run in the node:4.6.2 Dockerfile, so I'm a bit confused there as well 馃槵

nmagerko picture nmagerko on 8 Dec 2016
1 🎉1 👍1

The create users in all the variant create a home folder for the node user. I still think you should be using absolute paths as much as possible in your scripts and the DockerfileI used your use case and got it working. Here's what I have.

Dockerfile

FROM node:alpine

# ports
EXPOSE 8080

# set the working directory
RUN  mkdir /usr/local/app
WORKDIR /usr/local/app

# install dependencies
COPY ./package.json /usr/local/app/package.json
COPY ./script.sh /usr/local/bin/script.sh
RUN  npm install

# copy the the app into the container
COPY src /usr/local/app

# launch the app
CMD  ["npm", "run", "prod"]

package.json

{
  "scripts": {
    "prod": "/usr/local/bin/script.sh"
  }
}

script.sh (which I did chmod a+x on the host)

echo "test"

It worked as expected. I run docker run --rm -u node [build_id] and I get

npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info lifecycle @~preprod: @
npm info lifecycle @~prod: @

> @ prod /usr/local/app
> /usr/local/bin/script.sh

test
npm info lifecycle @~postprod: @
npm info ok
LaurentGoderre picture LaurentGoderre on 9 Dec 2016

I'll try what you've suggested. If you were able to get it working, I'm assuming it's something on my end, not yours.

nmagerko picture nmagerko on 9 Dec 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sam-github picture sam-github  路  4Comments
iamwillbar picture iamwillbar  路  4Comments
NodeGuy picture NodeGuy  路  4Comments
frankbaele picture frankbaele  路  3Comments
jtcmedia picture jtcmedia  路  5Comments