[docker Course 5-11] EACCESS permission denied

Hello there ,

I’m working on WSL2 with an Ubuntu-20.04 distro

During this lesson, when mosh introduces the path to volumes with the $(pwd) path (1.58min) and I try to start a new container, if I look at the logs, it says the following:

react-app@0.1.0 start /app
react-scripts start

:information_source: 「wds」: Project is running at
:information_source: 「wds」: webpack output is served from
:information_source: 「wds」: Content not from webpack is served from /app/public
:information_source: 「wds」: 404s will fallback to /
Starting the development server…

Failed to compile.

EACCES: permission denied, open ‘/app/node_modules/.cache/.eslintcache’

can anyone give me some pointers ?

After looking around for a bit, it seems to be a question of privilege access for the app user, but I’m still not very confortable with tinkering with that ^^

thanks a lot for your help, whoever you are !


1 Like

Try adding this “somewhere”: chown -R app /app
That should make the user “app” owner of the directory.
I really wonder how this worked for Mosh and does not work for us. And why he does not care to fix it.

@wdburgdorf @standm - Glad to see I’m not the only one with this issue. I’ve just gone through this course yesterday and today and am stumped on the permissions issue. Have either of you found a working solution?
Thanks for your help!

For MacOS:

sudo dscl . create /Groups/docker
sudo dseditgroup -o edit -a $USER -t user docker

BUT MAYBE WE HAVE A BAD INSTALLATION ? Understand permission requirements for Mac | Docker Documentation

I’m sure now we forgot one step:
npm install in the command line

because the docker build -t docker-app is working with this dockerfile: FROM node:current-alpine3.16

RUN addgroup app && adduser -S -G app app

FROM node:19.2-alpine

RUN addgroup app && adduser -S -G app app


COPY . .

RUN npm install

ENV API_URL=http://api.myapp.com/

USER app


CMD [“npm”, “start”]

ENTRYPOINT [“npm”, “start”]

Don’t think it is still needed for you but I will leave my not ideal solution here for felow future students of the Docker course.
Ok, so what I managed to understand:

  1. When we use volume created in advance and point it to app (container) user - then all is ok with permissions.
  2. When we use absolute path (like $(pwd):/app) docker shares host files with container and as such - shares permissions, but not by user and group names, but by UID and GID. You can run ls -ln in your project path on host and see who is the owner ( usually it will be 1000 1000, if you have only one user created except for root, and this user is your main).
    And here is the thing, by having $(pwd):/app, in your container /app will also have UID and GID 1000 1000.
    At the same time FROM node:14.16.1-alpine3.13 in Dockerfile creates user and group node with the same ids.
    And as such owner of the shared /app directory and it’s contents is node user. But in Dockerfile we set USER app, which isn’t owner of the shared node_modules folder. And when we are trying to npm start - app user doesn’t have needed permissions, from here:

EACCESS permission denied

My not ideal:wink: solution:
Add this lines after first (FROM …) line:

RUN apk -U add shadow
RUN groupmod -g 1001 node \
  && usermod -u 1001 -g 1001 node

They will change node user UID and GID to 1001. After that when creating app group it will be created with 1000 GID, which in turn will allow all users in app group have access to all shared files (if owner group of the shared files on a host has 1000 GID).

It’s not the best way to solve the problem, because if you share image to the different machine with host owner of the files 1002 - it won’t work without rebuildind.

Hope it would be helpfull for someone in the future.
Bye :hugs: