Docker: Permission error

I’m having some trouble with “Setting the User” in the “Building Images” section in the Docker course. My local machine is running Ubuntu and when I run this command:
sudo docker build -t react-app .

I get this error from npm:
Sending build context to Docker daemon 2.248MB
Step 1/9 : FROM node:14.16.0-alpine3.13
—> 50bfd284aa0d
Step 2/9 : RUN addgroup app && adduser -S -G app app
—> Using cache
—> d6571e5eb8c6
Step 3/9 : USER app
—> Using cache
—> 21377574fca0
Step 4/9 : WORKDIR /app
—> Using cache
—> eb3d0e74d36e
Step 5/9 : COPY . .
—> Using cache
—> 88dbdd352458
Step 6/9 : RUN npm install
—> Running in 09d360a010c3
npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I’ll try to do my best with it!
npm WARN checkPermissions Missing write access to /app
npm ERR! code EACCES
npm ERR! syscall access
npm ERR! path /app
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, access ‘/app’
npm ERR! [Error: EACCES: permission denied, access ‘/app’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘access’,
npm ERR! path: ‘/app’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.

npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-04-02T22_17_49_152Z-debug.log

It must be because of the way my Dockerfile is setup which is like this
FROM node:14.16.0-alpine3.13
RUN addgroup app && adduser -S -G app app
USER app
WORKDIR /app
COPY . .
RUN npm install
ENV API_URL=http://api.myapp.com/
EXPOSE 3000
CMD [“npm”, “start”]

I believe these are my permissions in that container because when I run:
/app $ ls -l

This is the output:
total 1160
-rw-rw-r-- 1 root root 184 Apr 2 21:43 Dockerfile
-rw-r–r-- 1 root root 3362 Mar 5 19:00 README.md
drwxr-xr-x 1051 root root 36864 Apr 2 21:44 node_modules
-rw-rw-r-- 1 root root 649995 Apr 2 21:45 package-lock.json
-rw-r–r-- 1 root root 813 Apr 2 00:16 package.json
drwxr-xr-x 2 root root 4096 Mar 9 16:27 public
drwxr-xr-x 2 root root 4096 Mar 9 16:27 src
-rw-r–r-- 1 root root 475840 Apr 2 00:16 yarn.lock

So this is a little different from Mosh’s permissions, namely I’m interested in the Dockerfile’s line of permissions because in it he has:
-rw-rw-r-- 1 root root 184 Apr 2 21:43 Dockerfile

Because in the second group he has “-r-” and I have “-rw”

3 Likes

I have this error too. would be great if someone solves it.

1 Like

anyone? please, I had this error too in section6-vidly

turns out we have to make /app and change its own to app with RUN command
RUN mkdir /app && chown app:app /app

found this solution in section7

3 Likes

Hi @damk73 Can you share the Docerfile content, please

@cpothirajan

this is my Dockerfile looks like:

FROM node:14.16.0-alpine3.13

RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app

WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .

EXPOSE 3000

CMD [“npm”, “start”]

9 Likes

Thanks @damk73
This worked.

@rushcode

I have the same error and try workarounds with different Dockerfile until it went through.

This one should work:

FROM node:14.16.0-alpine3.13
RUN addgroup app && adduser -S -G app app
WORKDIR /app
RUN chmod 777 /app
USER app
COPY . .
RUN npm install
ENV API_URL=http://api.myapp.com/
EXPOSE 3000
USER app

After trying different things I realized that I cannot run npm install when user is app. Also, since the app folder is owned by user app and group app, root user cannot access the directory and return an error as a result. Solution could then be allow others to rwx on folder app.

I am also having this issue when I run docker-compose up (with front-end) in vidly app:

My Dockerfile looks like this:

FROM node:14.16.0-alpine3.13

RUN addgroup app && adduser -S -G app app

RUN mkdir /app && chown app:app /app

WORKDIR /app

USER app

COPY package*.json ./

RUN npm install

COPY . .

EXPOSE 3001

CMD [“npm”, “start”]

Error:

Building frontend
Step 1/9 : FROM node:14.16.0-alpine3.13
—> 50bfd284aa0d
Step 2/9 : RUN addgroup app && adduser -S -G app app
—> Using cache
—> 6ca742a1d296
Step 3/9 : USER app
—> Using cache
—> 4cda9967d9fb
Step 4/9 : WORKDIR /app
—> Using cache
—> 4c1c23db6dbb
Step 5/9 : COPY package*.json ./
—> Using cache
—> 37e4ef5cef96
Step 6/9 : RUN npm install
—> Running in b198c5c0af66
npm WARN checkPermissions Missing write access to /app
npm ERR! code EACCES
npm ERR! syscall access
npm ERR! path /app
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, access ‘/app’
npm ERR! [Error: EACCES: permission denied, access ‘/app’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘access’,
npm ERR! path: ‘/app’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.

npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-04-11T19_46_52_198Z-debug.log
ERROR: Service ‘frontend’ failed to build : The command ‘/bin/sh -c npm install’ returned a non-zero code: 243

1 Like

I think you should move ``USER app before WORKDIR /app

Referring to your Dockerfile just solved a 2nd issue for me.

From ~5:20 in “13- Speeding Up Builds”

I got this build error:
Step 6/11 : COPY package*.json .
When using COPY with more than one source file, the destination must be a directory and end with a /

Changing the COPY fixed that.
before:
COPY package*.json .

after:
COPY package*.json ./

A quick solution. Just use default user and group.

Before reaching docker-compose tutorial section, below command worked:

RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app

salad@2021:~/Desktop/vidly$ docker exec -it e2 sh
I realized the docker containers discarded everything “app” user for “node” user:

Comment out the switch user line and let docker use the user of it’s choice

# USER app

Still the question is how not to have custom user overridden by docker-compose up?

1 Like

Just made an account to reply on this thread. After googling for some time I found this workaround:

FROM node:15.14-alpine3.11
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app
COPY --chown=app:app . .
RUN npm install
EXPOSE 3000

DO NOT CHANGE PERMISSIONS TO 777. DO NOT RUN chmod 777 /app.
Doing so will give your app 0 security. Getting hacked can happen, but setting permissions to 777 in linux is like emailing the hacker your passwords and account details.

I have the same error, but my Dockerfile contents is almost same as instructor. Only I use different version of node with alpine. I wonder why it worked for him.

/app $ ls -l | grep node_modules
drwxr-xr-x    1 app      app          26866 May  7 09:32 node_modules

@damk73
Hello, is it not a security risk that our, node_modules folder is owned by user app. So user app have the permission to overwrite the contents. So hacker can put malicious code there?

Dockerfile:
FROM node:16.0.0-alpine3.13
RUN addgroup app && adduser -S -G app app

RUN mkdir /app && chown app:app /app
WORKDIR /app

COPY . .

RUN npm install
EXPOSE 3000

USER app

CMD npm start

I did some investigation into why this happens as I had the same issue and it turns out that the USER variable only applies to RUN, CMD and ENTRYPOINTS. So if WORKDIR has to create the directory, it creates it as root, regardless of what the USER is set as.

So, the way to do it is to create the directory and change the ownership to ‘app’ before the USER statement:-

RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app

Not sure why it worked for Mosh though, everything I read suggested it shouldnt have. :thinking:

My Dockerfile is:

FROM node:16.0.0-alpine3.13
RUN addgroup app && adduser -S -G app app
RUN mkdir /app && chown app:app /app
USER app
WORKDIR /app
COPY . .
RUN npm install

When I build the container I get this error:

npm ERR! code EACCES
npm ERR! syscall open
npm ERR! path /app/package-lock.json
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, open ‘/app/package-lock.json’
npm ERR! [Error: EACCES: permission denied, open ‘/app/package-lock.json’] {
npm ERR! errno: -13,
npm ERR! code: ‘EACCES’,
npm ERR! syscall: ‘open’,
npm ERR! path: ‘/app/package-lock.json’
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.

npm ERR! A complete log of this run can be found in:
npm ERR! /home/app/.npm/_logs/2021-05-07T11_03_16_104Z-debug.log

Even though, package.lock and package.json files could be read by others users also.
Please help, why this happens?
@programmingwithmosh please could you clarify

Thanks! This worked for me. :grinning_face_with_smiling_eyes:

when Mosh built that I thought that it would NOT work but it turned out that IT WORKED!! Mosh courses quality are becoming really awful recently… things are not gettting properly explained. He explains things that are extremely straight fowards but then you get to such errors that you spent hours if not days troubleshooting. Shame on you Mosh

That’s for those who tried to most often posted solution over here and it doesn’t work; I refer to the solution of manually creating the directory and setting the permissions:
``

RUN addgroup app && adduser -S -G app app                                                                                                               
RUN mkdir /app && chown app:app /app

This does not work for me and the only solution I could find until now was the below:
Below is my Dockerfile:


FROM node:16.3.0-alpine3.13                                                                                                                             
RUN addgroup app && adduser -S -G app app                                                                                                               
USER app                                                                                                                                                 WORKDIR /app                                                                                                                                            
COPY --chown=app package.json .                                                                                                                         
                                                                                                                                                                                                                                                                  
USER root                                                                                                                                               
RUN npm install                                                                                                                                         
RUN chown app:app /app/node_modules                                                                                                                     
USER app                                                                                                                                                
                                                                                                                                                         
COPY --chown=app . .                                                                                                                                    
ENV API_URL=https://my-great-api.ch                                                                                                                     
EXPOSE 3000                                                                                                                                             
CMD ["npm", "start"]