CODEWITHSUNDEEP
nginxdockerfile-permissions
melekes
melekes

Reputation: 1888

open() file failed (13: Permission denied) in nginx & docker & minikube

This only happens with docker inside minikube operating on host using minikube docker eval (minikube docker-env)

Trying to build a basic setup with Nginx serving a single file:

conf.d/example.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name localhost;
  location /file.json { root /data/; }
}

data/file.json

{"a": 1}

Run using docker nginx image:

docker run -it --rm -v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro -p 8085:80 nginx

curl http://localhost/file.json gives me 2017/02/01 19:07:39 [error] 6#6: *1 open() "/data/file.json" failed (13: Permission denied)...

Cannot figure out how to make this right... Help wanted!

What I've tried so far:

  1. providing a custom command like chmod -R o+x /data && ls -la data && nginx -g "daemon off;" -rwxrwx--- 1 root 1013 11 Feb 1 13:08 /data/file.json chmod does not seem to work properly. neither chown :( $ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'chown -R nginx:nginx /data/ && ls -la /data/ && nginx -g daemon off;"' total 8 drwxrwx--- 1 root 1013 102 Feb 1 13:08 . drwxr-xr-x 1 root root 4096 Feb 1 19:50 .. -rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json

  2. setting a docker user to nginx

  3. chmod -R 777 data on host $ ls -la data drwxrwxrwx 3 antonk staff 102 Feb 1 17:08 data $ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'ls -la /data/ && nginx -g "daemon off;"' total 8 drwxrwx--- 1 root 1013 102 Feb 1 13:08 . drwxr-xr-x 1 root root 4096 Feb 1 20:20 .. -rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json

    $ docker version Client: Version: 1.13.1-rc1 API version: 1.23 Go version: go1.7.4 Git commit: 2527cfc Built: Sat Jan 28 00:43:00 2017 OS/Arch: darwin/amd64

    Server: Version: 1.11.1 API version: 1.23 (minimum version ) Go version: go1.5.4 Git commit: 5604cbe Built: Wed Apr 27 00:34:20 2016 OS/Arch: linux/amd64 Experimental: false

    minikube version: v0.15.0

https://github.com/kubernetes/minikube/issues/1067

Upvotes: 1

Views: 7778

Answers (1)

BMitch
BMitch

Reputation: 264701

When you map directories from the host directly into your container with volume mounts like these:

docker run -it --rm \
  -v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro \
  -p 8085:80 nginx

The files are mounted directly in with the same uid's and file permissions you have on your host. Most likely your UID/GID on your host does not match those used inside the container. So if the files are not publicly readable on your host, they will not be readable inside the container. You can work around this with the following on your host:

chmod o+rx data && chmod o+r data/file.json

Upvotes: 1

Related Questions