Search code examples
dockerdocker-compose

permission denied to run mounted file docker-compose

I am trying to mount a volume in a docker-compose file, and run a bash file in the path. But I get a Permission Denied error.

Here the docker-compose:

version: '3.8'

services:
  rabbitmq:
    image: rabbitmq:3-management
    volumes:
      - ./cmd/run_code.sh:/etc/cmd/run_code.sh:ro
      - ./conf/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
      - ./conf/definitions.json:/etc/rabbitmq/definitions.json:ro
    ports:
      - "5672:5672"
      - "15672:15672"
    command: bash -c '/etc/cmd/run_code.sh'

Here the output I get:

rabbitmq_1  | bash: line 1: /etc/cmd/run_code.sh: Permission denied

I am running on an Azure VM with Ubuntu 22.04.

What am I doing wrong?

EDIT: edited docker to the correct version, with correct paths.

Solution

  • It seems that there's an issue with the mount path you're using. I don't see that exact permission error that you've reported but I do see one saying:

    Error response from daemon: invalid volume specification: '/home/projects/so-66767896/cmd/run_code.sh:ro:rw': invalid mount config for type "bind": invalid mount path: 'ro' mount path must be absolute

    I'm also not sure where the path containing "/etc" is coming from. How are you running this config?

    If I replace your relative mount with:

        volumes:
      - ./cmd/run_code.sh:/cmd/run_code.sh:ro

    ... and make the command use that path explicitly:

        command: bash -c '/cmd/run_code.sh'

    The container runs my script (echo and exit) without issue.

    Here's the modified config in its entirety:

    version: '3.8'

services:
  rabbitmq:
    user: "${UID}:${GID}" # NOTE this addition
    image: rabbitmq:3-management
    volumes:
      - ./cmd/run_code.sh:/cmd/run_code.sh:ro
      - ./conf/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
      - ./conf/definitions.json:/etc/rabbitmq/definitions.json:ro
    ports:
      - "5672:5672"
      - "15672:15672"
    command: bash -c '/cmd/run_code.sh'

    If that does not solve the issue, then the permission issue may be related to ownership of/access to the files you're mounting. Run the id command on your host machine and see what values are in use for "uid=" and "gid=". (They're probably along the lines of 1000 or 1001 -- I believe the actual value depends how many users are setup on your system.)

    Copy those values into a file called .env alongside docker-compose.yml (create it if it doesn't exist):

    UID=1000 # this may vary
GID=1000 # this may vary

    Then try bringing your containers back up.

    NOTE: You can also specify UID and GID on the CLI as env vars when running your compose commands, if you prefer: GID=2222 UID=2222 docker-compose up

    Also, NOTE: You may be able to leverage the Z flag when mounting your files but I'm not able to test that at the moment. See: https://prefetch.net/blog/2017/09/30/using-docker-volumes-on-selinux-enabled-servers/