Question 202581 in Docker Question posted in
The official documentation can be found here.

GitHub Actions + Docker Build: ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '/nonexistent'

I have a GitHub Actions workflow where my build is failing because Docker can’t install all of libraries from my requirements.txt file.

During the COPY ./requirements.txt . step and after the packages are finished downloading, the install phase stops with the error: ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '/nonexistent'

As I was looking through the logs, I noticed:

#7 [2/7] RUN adduser --system nonroot
#0 0.105 Adding system user `nonroot' (UID 100) ...
#0 0.105 Adding new user `nonroot' (UID 100) with group `nogroup' ...
#7 0.117 Not creating `/nonexistent'. <---???
#7 DONE 0.7s

This is a snippet from a CI workflow that succeeded yesterday:

#7 [2/7] RUN adduser --system nonroot
#0 0.099 Adding system user `nonroot' (UID 101) ...
#0 0.099 Adding new user `nonroot' (UID 101) with group `nogroup' ...
#7 0.120 Creating home directory `/home/nonroot' ...
#7 DONE 0.5s

I don’t understand what is causing this. My Dockerfile has not changed in months.

FROM python:3.10-slim

RUN adduser --system nonroot
USER nonroot

WORKDIR /home/nonroot
RUN mkdir /home/nonroot/app

COPY ./requirements.txt .
RUN pip3 install --no-cache-dir -r requirements.txt

COPY . .

CMD ["python3", "standings.py"]
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I still don't know what changed but I updated my Dockerfile to:

    FROM python:3.10-slim

ARG USERNAME=nonroot-user
ARG USER_UID=1000
ARG USER_GID=$USER_UID

RUN groupadd --gid $USER_GID $USERNAME 
    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME

USER $USERNAME

WORKDIR /home/nonroot
RUN mkdir /home/nonroot/app


COPY ./requirements.txt .
RUN pip3 install --no-cache-dir -r requirements.txt

COPY . .

CMD ["python3", "stadiums.py"]

    then all is good. smh.


  2. 0

    There has been a change in the behaviour of adduser in relation to system users.

    TLDR;

    System users now do not get a home directory by default (actually, they get /nonexistent, which should never exist :D). If you still require to have a home directory for this system user, the --home DIR argument needs to be set.

    Full explanation

    This change happened at: https://salsa.debian.org/debian/adduser/-/merge_requests/20

    In this specific case, the python project has replaced the default python:3.10 OCI image, from Debian bullseye to bookwork, at https://github.com/docker-library/python/pull/822, which now uses the new version of adduser with the previously linked change.

    This can also be seen in the manpages of both Debian versions:

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search