[9.0.x] Docker usage may raise a permission denied

Question

[9.0.x] Docker usage may raise a permission denied

llaville opened this issue a year ago · comments

Laurent Laville commented a year ago

New Issue

Diagnose

Digest sha256:7e82b3078506c4cac55081d9c3ef19ec8e5b18f3d5da10dbc179a17a22d29e4b

Output of `docker inspect overtrue/phplint:latest` command

[
    {
        "Id": "sha256:0c573046f5b72aad60b2c96087cb4ef729f6f03a679a3258efd9766e0eaa1bb7",
        "RepoTags": [
            "overtrue/phplint:latest"
        ],
        "RepoDigests": [
            "overtrue/phplint@sha256:7e82b3078506c4cac55081d9c3ef19ec8e5b18f3d5da10dbc179a17a22d29e4b"
        ],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2023-02-19T07:43:46.96562438Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "PHPIZE_DEPS=autoconf \t\tdpkg-dev dpkg \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkgconf \t\tre2c",
                "PHP_INI_DIR=/usr/local/etc/php",
                "PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_LDFLAGS=-Wl,-O1 -pie",
                "GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC",
                "PHP_VERSION=8.2.3",
                "PHP_URL=https://www.php.net/distributions/php-8.2.3.tar.xz",
                "PHP_ASC_URL=https://www.php.net/distributions/php-8.2.3.tar.xz.asc",
                "PHP_SHA256=b9b566686e351125d67568a33291650eb8dfa26614d205d70d82e6e92613d457"
            ],
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "/workdir",
            "Entrypoint": [
                "/entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 97151662,
        "VirtualSize": 97151662,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/4467dde7b2af02f966039abe0ade5c35ccedffc8fe980159505cfc3d9be580b6/diff:/var/lib/docker/overlay2/4556ff0fd67ca0b6297c1212e2993721de9a47d29a998830eaf8cdd4700c9c3e/diff:/var/lib/docker/overlay2/6ac051fdc8816a0e4d0de4c66c04da20f83b28e367c222883995996fb2aca073/diff:/var/lib/docker/overlay2/e6bac2e76b806df555cad304ee507d9f81d291e1d618d0e817f1a7af95a10e63/diff:/var/lib/docker/overlay2/a470fb78c31f400fc744977777609d4c13cd734dc34d63a8b98847a14e187272/diff:/var/lib/docker/overlay2/9e35d092617cea99895450fa573859b0cb38e6d55dc73955afec8f784c9aec80/diff:/var/lib/docker/overlay2/8e01785c67b60c8fd44c1394998c945c8f14a87ae4605e09e2084ab651c18bf6/diff:/var/lib/docker/overlay2/d21969d59815ad87f9382ac553e809464279ddcc2badb2f3e794bc991b011d22/diff:/var/lib/docker/overlay2/e29805149048604f3deeb4636640e4ee80c89560e03ffc75bf5940e645dcfd06/diff:/var/lib/docker/overlay2/c9036e4c80efc8b50feb40bcfab55ab5ea3b59ec2ccda5d6528462746e5d017e/diff:/var/lib/docker/overlay2/8d0ff394ab45c687b21ddabf6a0fe34e9e7afd341873e4e55439c0b6dd29b62e/diff:/var/lib/docker/overlay2/ef41c651af8bfedc5004e03221be08e89c1d9084e058b54876c9de59a66de353/diff:/var/lib/docker/overlay2/173993b8ec13f53c9e36d3ae1de0dc2436791d549e2f89c5f2fbe4d7dcefabea/diff",
                "MergedDir": "/var/lib/docker/overlay2/315e18828f5b859f16a9bafb39ae6afaab07facd94bb7d1201b48424bb6c996e/merged",
                "UpperDir": "/var/lib/docker/overlay2/315e18828f5b859f16a9bafb39ae6afaab07facd94bb7d1201b48424bb6c996e/diff",
                "WorkDir": "/var/lib/docker/overlay2/315e18828f5b859f16a9bafb39ae6afaab07facd94bb7d1201b48424bb6c996e/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:7cd52847ad775a5ddc4b58326cf884beee34544296402c6292ed76474c686d39",
                "sha256:77c59b472c8702d20a8f53f58c04b7cf924269c857860e77ecab3a7aec3a2803",
                "sha256:db44c43654189fecca3864a4ab6d80b94f9ab8f52495f03e6096cd7d9c801dfd",
                "sha256:439ab5b1c6c808fd73a29653774032f20a18eb1bf15bb7001ba1449ff8aa3bcb",
                "sha256:ba1ad8405b986007ecd5b25a4f7cbc47775a7a142fbc6c22456a09547de11ac1",
                "sha256:ff8b98f296449d95d546c8a38a77a73492794d604ca4b37e0230f6aa9469bdbe",
                "sha256:fbccf4daf58c5c0b8ad9c54044a8cfbbc71a78d429c30ef6e39116d06b507b12",
                "sha256:a4ee5d3c8cf1a54159383fd3d54aed927155820a1c7c9ea02f7a0b4566661ed0",
                "sha256:b5eb3203e02ac33ac6f68e138988da7a956b28d0deae0cf18919ae0eb70136cc",
                "sha256:8a55dccb3711c7c45e1f53319496bc412aaeb6e3b70e7a92d0ac1d79e8573553",
                "sha256:ecc08dd5cf4c8cc30c7af9184c34d560c90a9b4dafe9445df36e48c47ef533a3",
                "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
                "sha256:79e351c651f14249363ace2ffabec7462f8e750c1ff8723a4a69a9c701b4652b",
                "sha256:bbeafc4f28750f5b6cfd4fb4019bdf1b35c163c01057b74e279ad3729ea0b8b2"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

Summary

Permission denied when running container with --user option (as recommended in documentation)

Expected behaviour

No auth error

Actual behaviour

sh: /root/.composer/vendor/bin/phplint: Permission denied

Additional Information

When running docker without --user option (root mode), all goes fine, except that we cannot delete cache if your user account is not in root group.

Laurent Laville · Answer 1 · Mon Feb 20 2023 13:45:31 GMT+0800 (China Standard Time)

This issue was fixed in the context of Docker image usage only.
We need to fix the custom PHPLint action that reuse the dockerfile, but as official GitHub doc said, we cannot have a USER directive. So an additional fix will come before closing this report.

Laurent Laville · Answer 2 · Tue Feb 21 2023 14:25:01 GMT+0800 (China Standard Time)

FYI: this issue was fixed and will be closed because a solution to issue #184 was found (keeping docker image in non-root mode)