Question 84852 in Docker Question posted in
The official documentation can be found here.

Docker: Got "permission denied" error at volume mounting directory

I wrote a docker-compose.yml like this:

version: "3"
services:
  notebook:    
    image: jupyter/datascience-notebook
    
    ports:
      - "8888:8888"
    volumes: 
      - jupyterlabPermanent:/hahaha
    environment:
      JUPYTER_ENABLE_LAB: "yes"
      TZ: "Asia/Tokyo"
    command:
      start-notebook.sh --NotebookApp.token=''
volumes:
  jupyterlabPermanent:

Let me make it clear that what characters are appearing on the stage.

  • hahaha: container side directory which is located at the root directory
  • jupyterlabPermanent: volume which is mounted by hahaha the container side directory.
  • dockerjulia_jupyterlabPermanent_data: host side directory secured for volume jupyterlabPermanent which syncronize the data located in hahaha.Full path to dockerjulia_jupyterlabPermanent_data is \wsl$docker-desktop-dataversion-pack-datacommunitydockervolumesdockerjulia_jupyterlabPermanent_data.

When I use touch command on bash at hahaha directory, I get permission denied

# bash command line at hahaha

(base) jovyan@4bcdaa228d9e:/hahaha$ touch test.txt
touch: cannot touch 'test.txt': Permission denied

Because of this, every tasks done in the container cannot be stored in the hahaha and jupyterlabPermanent volume, and this means data saving is not working in this environment.

How can I solve this?
I searched a bit for this, and found I need to change the configuration of permission, but I don’t understand it.

I am using Docker Desktop for Windows with WSL 2 on Windows 10 Home.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Thank you for answering my question. The main problem was that I didn't know the existence of the concept of "owner" and "permission" of Linux system. But, an hour of research and learning let me figure out what the problem here is.

    My solution 1

    My first solution is to try the following command line on Host console:

    docker exec -it -u 0 CONATAINER_NAME /bin/bash

    Adding -u option and designating 0, the User ID of root, lets you dive into the container as you are root.

    As I checked using ll command at the top directory of the container, the permissions of the files and folders at the top directory of the container appears to be dominated by root, and the hahaha is the one of them.(It means docker-compose.yml created hahaha directory for volume at the top directory)

    (base) jovyan@4bcdaa228d9e:/$ ll
total 64
drwxr-xr-x   1 root root 4096 Jan 26 00:19 ./
drwxr-xr-x   1 root root 4096 Jan 26 00:19 ../
lrwxrwxrwx   1 root root    7 Jan  6 01:47 bin -> usr/bin/
drwxr-xr-x   2 root root 4096 Apr 15  2020 boot/
drwxr-xr-x   5 root root  340 Jan 26 00:19 dev/
-rwxr-xr-x   1 root root    0 Jan 26 00:19 .dockerenv*
drwxr-xr-x   1 root root 4096 Jan 26 00:19 etc/
drwxr-xr-x   2 root root 4096 Jan 27 22:18 hahaha/
drwxr-xr-x   1 root root 4096 Jan 24 20:30 home/
lrwxrwxrwx   1 root root    7 Jan  6 01:47 lib -> usr/lib/
lrwxrwxrwx   1 root root    9 Jan  6 01:47 lib32 -> usr/lib32/
lrwxrwxrwx   1 root root    9 Jan  6 01:47 lib64 -> usr/lib64/
lrwxrwxrwx   1 root root   10 Jan  6 01:47 libx32 -> usr/libx32/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 media/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 mnt/
drwxr-xr-x   1 root root 4096 Jan 25 02:49 opt/
dr-xr-xr-x 217 root root    0 Jan 26 00:19 proc/
drwx------   2 root root 4096 Jan  6 01:50 root/
drwxr-xr-x   5 root root 4096 Jan  6 01:50 run/
lrwxrwxrwx   1 root root    8 Jan  6 01:47 sbin -> usr/sbin/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 srv/
dr-xr-xr-x  11 root root    0 Jan 26 00:19 sys/
drwxrwxrwt   2 root root 4096 Jan  6 01:50 tmp/
drwxr-xr-x   1 root root 4096 Jan  6 01:47 usr/
drwxr-xr-x   1 root root 4096 Jan  6 01:50 var/

    Therefore, there was no permission for jovyan to touch something at hahaha at the top directory dominated only by root, and this is made it by diving into the container as root.

    My solution 2

    The second solution is to rewrite the docker-compose.yml as follows:

    version: "3"
services:
  notebook:    
    image: jupyter/datascience-notebook
    
    ports:
      - "8888:8888"
    volumes: 
      # 
      - jupyterlabPermanent:/home/jovyan/hahaha # before ->  jupyterlabPermanent:/hahaha
    environment:
      JUPYTER_ENABLE_LAB: "yes"
      TZ: "Asia/Tokyo"
    command:
      start-notebook.sh --NotebookApp.token=''
volumes:
  jupyterlabPermanent:

    This change lets docker-compose create container as volume mounting directory is set at /home/jovyan/hahaha. The files and folders under /home/jovyan is owned and by jovyan(not by root) so jovyan can touch some files at /home/jovyan/hahaha freely. (No need to dive into the container as root)


  2. 0

    You need root access on the volume to change the permissions. So let’s run a plain Ubuntu container and mount the volume

    docker run -it --rm -v jupyterlabPermanent:/hahaha ubuntu

    now we can change the group ownership to GID 100 which is the group the jovyan user is a member of and also change the permissions to 775 so group members can write to it

    chown :100 /hahaha
chmod 775 /hahaha

    Now you can exit the Ubuntu container and run the jupyter container and you should be able to write to the volume.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search