DataVader

Reputation: 780

Docker Node permission denied when using non-root user

When I try to run node as a docker container with a non-root user, it says:

ERROR: for node Cannot start service node: OCI runtime create failed: container_linux.go:348: starting container process caused "chdir to cwd (\"/foo\") set in config.json failed: permission denied": unknown

My docker-compose.yml looks like this:

...
node:
  image: node:latest
  container_name: my_node_thingy
  ports:
    - "3003:3000"
  user: "node"
  working_dir: /foo
  volumes:
    - /var/project:/foo/
  command: "node /foo/app.js"
  networks:
    - my-network
...

When I set "root" as the user, it works fine, but when creating a new one by doing the following, the container won't start:

adduser --disabled-password --gecos '' node
adduser node sudo
echo "node ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/node

Could someone please explain to me how to set up the user properly?

Upvotes: 4

Views: 15293

Answers (1)

atline

Reputation: 31574

If you have permission to do chmod -R 777 /var/project, please do it; then everything is OK and you can continue to use user: node.

If you do not have permission, why not clone your code into a folder for which you have permission, then repeat the above?

If you still insist that you want to make the Dockerfile suitable for a more rugged environment, then you may have to use gosu.

You need to define a new Dockerfile that inherits from node:latest; in the Dockerfile, install gosu.

Something like the following:

FROM node:latest
RUN GOSU_SHA=5ec5d23079e94aea5f7ed92ee8a1a34bbf64c2d4053dadf383992908a2f9dc8a \
  && curl -sSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.9/gosu-$(dpkg --print-architecture)" \
  && chmod +x /usr/local/bin/gosu \
  && echo "$GOSU_SHA  /usr/local/bin/gosu" | sha256sum -c - 
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

And in entrypoint.sh, you first need to use gosu to change the permission of /foo, then start your nodejs project.

Finally, remove command in docker-compose.yml.

Maybe changing the permission of the volume on the host is the quicker way.

Upvotes: 3
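
An entrypoint.sh of the kind the answer describes, as an added example that is not the answer author's script. It assumes the service starts as root (no user: key in docker-compose.yml, since chown and gosu both need root) and that the image's existing node user is the target; it changes the owner of the top-level /foo directory rather than its mode. The names can_enter, APP_USER and APP_DIR are made up for this example.

```shell
#!/bin/sh
# entrypoint.sh: added example, not the answer author's script.
# Starts as root, makes APP_DIR enterable by APP_USER, then drops privileges.
APP_USER="${APP_USER:-node}"   # assumption: user that already exists in the node image
APP_DIR="${APP_DIR:-/foo}"     # working_dir from the docker-compose.yml in the question

# can_enter DIR UID GID
# Succeeds if UID/GID has search (x) permission on DIR, which is what chdir()
# needs. Classic mode bits only: ACLs and supplementary groups are ignored.
can_enter() {
    ce_uid=$2 ce_gid=$3
    ce_meta=$(stat -c '%u %g %a' "$1") || return 2   # GNU/busybox stat
    set -- $ce_meta                  # $1 owner uid, $2 owner gid, $3 octal mode
    ce_mode=$(( 0$3 ))               # leading 0 makes the shell read it as octal
    if   [ "$ce_uid" -eq "$1" ]; then ce_bit=$(( 0100 ))   # owner x
    elif [ "$ce_gid" -eq "$2" ]; then ce_bit=$(( 0010 ))   # group x
    else                              ce_bit=$(( 0001 ))   # other x
    fi
    [ $(( ce_mode & ce_bit )) -ne 0 ]
}

main() {
    set -eu
    app_uid=$(id -u "$APP_USER")
    app_gid=$(id -g "$APP_USER")
    if ! can_enter "$APP_DIR" "$app_uid" "$app_gid"; then
        echo "entrypoint: $APP_USER ($app_uid:$app_gid) cannot chdir to $APP_DIR, changing its owner" >&2
        # Top-level directory only. On a bind mount this also changes the
        # owner of the host directory (/var/project in the question).
        chown "$app_uid:$app_gid" "$APP_DIR"
    fi
    cd "$APP_DIR"
    # gosu switches to APP_USER and execs node, so node does not run as root.
    exec gosu "$APP_USER" node "$APP_DIR/app.js"
}

# Run main only when invoked as the entrypoint, so the functions can be sourced and tested.
case "$0" in
    */entrypoint.sh|entrypoint.sh) main "$@" ;;
esac
```

Running can_enter against the host directory with the container user's numeric uid and gid shows, before the container is started, whether the "chdir to cwd" error from the question will occur.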
