I have been trying to map a volume from my host to a Docker container while running Jenkins, but it is failing.

This is what I tried so far:

I executed the following command:

docker run -p 8080:8080 -p 50000:50000 -v /var/jenkins_home:/var/jenkins_home jenkins/jenkins:lts

I am getting the following error:

touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

I tried a lot of things, and last I followed the following steps from this link:

Jenkins wrong volume permissions

docker run -p 8080:8080 -p 50000:50000 -it jenkins bin/bash

Once inside the container’s shell run the id command and you’ll get results like:

uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)

Exit the container, go to the folder you are trying to map and run:

chown -R 1000:1000 .

On my machine I do not have user 1000 so I am trying to create it but failing to do so.

useradd -u 1000 jenkins

When I run the above command, I get the following error.

useradd: UID 1000 is not unique

My machine details are as follows:

NAME="CentOS Linux"
VERSION="7 (Core)"

The OS is running on Oracle VM Virtual Box.

I have tried a couple of other things, but they seem to be failing.

Any pointers will be appreciated.

Thanks.

Answers


  1. Chosen as BEST ANSWER

    I did some more R&D and tried the following:

    I ran the following command

    docker volume create jenkins_volume

    This creates a volume jenkins_volume in the following directory

    /var/lib/docker/volumes

    If I do ll, I get the following details

    drwxr-xr-x. 3 root root 4096 Jul 26 07:51 jenkins_volume

    i.e. the user and group are root.

    Now if I try to run this command it works fine.

    docker run -p 8080:8080 -p 50000:50000 -v jenkins_volume:/var/jenkins_home jenkins/jenkins:lts
    

    Although it is not clear to me why it was not working earlier (as in the original question), even when the id and group was root:root for /var/jenkins_home.

    Maybe someone can shed more light on this, but for now I am able to make progress.

    Thanks.


  2. tl;dr: You don't need to add the user jenkins with id 1000 on your host; the chown should be enough.

    Privilege mismatch is a common problem you often get when using bind mounts. The user running a process inside a container does not match the bind-mount privileges it tries to access.

    You can try to run the container as the host user that is allowed to access the bind mount, i.e. as the current host user: docker run --user $(id -u):$(id -g) ...

    Then again there might be a specific user set in the image to run a process and this trick does not work. If you choose to keep using bind mounts you can change the permissions on the bind mount like you already did, i.e. chown -R 1000:1000 . You don't need that user on your host system; it should still work, it will just show as user 1000 with gid 1000 on the host without a named user attached.

    I suggest getting used to using named mounts instead of bind mounts; it solves a lot of the troubles you get with bind mounts.
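
The privilege mismatch described in the answer above, as an added example that is not part of the original thread: a shell check that compares the container's numeric UID/GID (1000:1000 in the id output) with the owner and mode of the host directory behind a bind mount. The function names are hypothetical; it assumes GNU stat and plain owner/group/other mode bits, with no ACLs or other access controls considered.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat (CentOS 7
# ships it) and looks only at owner/group/other mode bits, not ACLs.

# can_write_as UID GID DIR: print "yes" if a process with that numeric
# UID/GID could create files in DIR, else "no".
can_write_as() {
    want_uid=$1; want_gid=$2; dir=$3
    [ -d "$dir" ] || { echo no; return 0; }
    # Numeric owner, numeric group and octal mode of the host directory.
    set -- $(stat -c '%u %g %a' "$dir" 2>/dev/null)
    [ $# -eq 3 ] || { echo no; return 0; }
    own_uid=$1; own_gid=$2; mode=$((0$3))
    if [ "$want_uid" -eq 0 ]; then
        # Assumption: root keeps its default capabilities, so mode bits
        # do not restrict it.
        echo yes; return 0
    elif [ "$want_uid" -eq "$own_uid" ]; then
        bits=$(( (mode >> 6) & 7 ))   # owner class
    elif [ "$want_gid" -eq "$own_gid" ]; then
        bits=$(( (mode >> 3) & 7 ))   # group class
    else
        bits=$(( mode & 7 ))          # everyone else
    fi
    # Creating a file in a directory needs write (2) and search (1).
    if [ $(( bits & 3 )) -eq 3 ]; then echo yes; else echo no; fi
}

# check_bind_mount UID GID DIR: report the result and, on a mismatch,
# print the chown from the answer instead of running it.
check_bind_mount() {
    if [ "$(can_write_as "$1" "$2" "$3")" = yes ]; then
        echo "ok: $1:$2 can write to $3"
    else
        echo "mismatch: $1:$2 cannot write to $3; fix with: chown -R $1:$2 $3"
        return 1
    fi
}

# Constructed demo: a fresh mode-755 directory owned by the current user,
# standing in for the host side of -v /var/jenkins_home:/var/jenkins_home.
demo=$(mktemp -d)
chmod 755 "$demo"
check_bind_mount 1000 1000 "$demo" || true
rmdir "$demo"
```

The numeric IDs are what matter: the check never looks up a user name, which is why no jenkins account has to exist on the host.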
