I’m having some trouble with “Setting the User” in the “Building Images” section in the Docker course. My local machine is running Ubuntu and when I run this command:
sudo docker build -t react-app .
I get this error from npm:
Sending build context to Docker daemon 2.248MB
Step 1/9 : FROM node:14.16.0-alpine3.13
—> 50bfd284aa0d
Step 2/9 : RUN addgroup app && adduser -S -G app app
—> Using cache
—> d6571e5eb8c6
Step 3/9 : USER app
—> Using cache
—> 21377574fca0
Step 4/9 : WORKDIR /app
—> Using cache
—> eb3d0e74d36e
Step 5/9 : COPY . .
—> Using cache
—> 88dbdd352458
Step 6/9 : RUN npm install
—> Running in 09d360a010c3
npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I’ll try to do my best with it!
npm WARN checkPermissions Missing write access to /app
npm ERR! code EACCES
npm ERR! syscall access
npm ERR! path /app
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, access ‘/app’
npm ERR! [Error: EACCES: permission denied, access ‘/app’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘access’,
npm ERR! path: ‘/app’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-04-02T22_17_49_152Z-debug.log
It must be because of the way my Dockerfile is setup which is like this
FROM node:14.16.0-alpine3.13
RUN addgroup app && adduser -S -G app app
USER app
WORKDIR /app
COPY . .
RUN npm install
ENV API_URL=http://api.myapp.com/
EXPOSE 3000
CMD [“npm”, “start”]
I believe these are my permissions in that container because when I run:
/app $ ls -l
This is the output:
total 1160
-rw-rw-r-- 1 root root 184 Apr 2 21:43 Dockerfile
-rw-r–r-- 1 root root 3362 Mar 5 19:00 README.md
drwxr-xr-x 1051 root root 36864 Apr 2 21:44 node_modules
-rw-rw-r-- 1 root root 649995 Apr 2 21:45 package-lock.json
-rw-r–r-- 1 root root 813 Apr 2 00:16 package.json
drwxr-xr-x 2 root root 4096 Mar 9 16:27 public
drwxr-xr-x 2 root root 4096 Mar 9 16:27 src
-rw-r–r-- 1 root root 475840 Apr 2 00:16 yarn.lock
So this is a little different from Mosh’s permissions, namely I’m interested in the Dockerfile’s line of permissions because in it he has:
-rw-rw-r-- 1 root root 184 Apr 2 21:43 Dockerfile
Because in the second group he has “-r-” and I have “-rw”
I have the same error and try workarounds with different Dockerfile until it went through.
This one should work:
FROM node:14.16.0-alpine3.13
RUN addgroup app && adduser -S -G app app
WORKDIR /app
RUN chmod 777 /app
USER app
COPY . .
RUN npm install
ENV API_URL=http://api.myapp.com/
EXPOSE 3000
USER app
After trying different things I realized that I cannot run npm install when user is app. Also, since the app folder is owned by user app and group app, root user cannot access the directory and return an error as a result. Solution could then be allow others to rwx on folder app.
I am also having this issue when I run docker-compose up (with front-end) in vidly app:
My Dockerfile looks like this:
FROM node:14.16.0-alpine3.13
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
WORKDIR /app
USER app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3001
CMD [“npm”, “start”]
Error:
Building frontend
Step 1/9 : FROM node:14.16.0-alpine3.13
—> 50bfd284aa0d
Step 2/9 : RUN addgroup app && adduser -S -G app app
—> Using cache
—> 6ca742a1d296
Step 3/9 : USER app
—> Using cache
—> 4cda9967d9fb
Step 4/9 : WORKDIR /app
—> Using cache
—> 4c1c23db6dbb
Step 5/9 : COPY package*.json ./
—> Using cache
—> 37e4ef5cef96
Step 6/9 : RUN npm install
—> Running in b198c5c0af66
npm WARN checkPermissions Missing write access to /app
npm ERR! code EACCES
npm ERR! syscall access
npm ERR! path /app
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, access ‘/app’
npm ERR! [Error: EACCES: permission denied, access ‘/app’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘access’,
npm ERR! path: ‘/app’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-04-11T19_46_52_198Z-debug.log
ERROR: Service ‘frontend’ failed to build : The command ‘/bin/sh -c npm install’ returned a non-zero code: 243
Referring to your Dockerfile just solved a 2nd issue for me.
From ~5:20 in “13- Speeding Up Builds”
I got this build error:
Step 6/11 : COPY package*.json .
When using COPY with more than one source file, the destination must be a directory and end with a /
Changing the COPY fixed that.
before:
COPY package*.json .
Just made an account to reply on this thread. After googling for some time I found this workaround:
FROM node:15.14-alpine3.11
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app
COPY --chown=app:app . .
RUN npm install
EXPOSE 3000
DO NOT CHANGE PERMISSIONS TO 777. DO NOT RUN chmod 777 /app.
Doing so will give your app 0 security. Getting hacked can happen, but setting permissions to 777 in linux is like emailing the hacker your passwords and account details.
I have the same error, but my Dockerfile contents is almost same as instructor. Only I use different version of node with alpine. I wonder why it worked for him.
/app $ ls -l | grep node_modules
drwxr-xr-x 1 app app 26866 May 7 09:32 node_modules
@damk73
Hello, is it not a security risk that our, node_modules folder is owned by user app. So user app have the permission to overwrite the contents. So hacker can put malicious code there?
Dockerfile:
FROM node:16.0.0-alpine3.13
RUN addgroup app && adduser -S -G app app
I did some investigation into why this happens as I had the same issue and it turns out that the USER variable only applies to RUN, CMD and ENTRYPOINTS. So if WORKDIR has to create the directory, it creates it as root, regardless of what the USER is set as.
So, the way to do it is to create the directory and change the ownership to ‘app’ before the USER statement:-
RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app
Not sure why it worked for Mosh though, everything I read suggested it shouldnt have.
FROM node:16.0.0-alpine3.13
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app
COPY . .
RUN npm install
When I build the container I get this error:
npm ERR! code EACCES
npm ERR! syscall open
npm ERR! path /app/package-lock.json
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, open ‘/app/package-lock.json’
npm ERR! [Error: EACCES: permission denied, open ‘/app/package-lock.json’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘open’,
npm ERR! path: ‘/app/package-lock.json’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-05-07T11_03_16_104Z-debug.log
Even though, package.lock and package.json files could be read by others users also.
Please help, why this happens? @Mosh please could you clarify
when Mosh built that I thought that it would NOT work but it turned out that IT WORKED!! Mosh courses quality are becoming really awful recently… things are not gettting properly explained. He explains things that are extremely straight fowards but then you get to such errors that you spent hours if not days troubleshooting. Shame on you Mosh
That’s for those who tried to most often posted solution over here and it doesn’t work; I refer to the solution of manually creating the directory and setting the permissions:
``
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
This does not work for me and the only solution I could find until now was the below:
Below is my Dockerfile:
FROM node:16.3.0-alpine3.13
RUN addgroup app && adduser -S -G app app
USER app WORKDIR /app
COPY --chown=app package.json .
USER root
RUN npm install
RUN chown app:app /app/node_modules
USER app
COPY --chown=app . .
ENV API_URL=https://my-great-api.ch
EXPOSE 3000
CMD ["npm", "start"]