
Running nginx as non-root in Docker container gives permission denied error

I have the following Dockerfile

FROM ubuntu:14.04
EXPOSE 8000

# Install nginx
RUN apt-get update -q \
    && apt-get install --no-install-recommends --no-install-suggests -y -q \
                        nginx \
    && rm -rf /var/lib/apt/lists/*

COPY ./nginx.conf /etc/nginx/
COPY ./index.html /usr/share/nginx/test/

RUN groupadd -r webgroup \
    && useradd -r -m -g webgroup webuser \
    && touch /run/nginx.pid \
    && chown -R webuser:webgroup /var/log/nginx /var/lib/nginx /run/nginx.pid 

USER webuser
CMD nginx

When I run it I get Permission denied on /var/log/nginx:

mikhails-mbp:test-docker-nginx mkuleshov$ docker run -p 8000:8000 mytest
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2016/10/02 17:02:51 [emerg] 5#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)

If I get into the container with bash I see:

webuser@d190146a0e8d:/var/log/nginx$ ls -la
total 8
drwxr-x--- 2 webuser webgroup 4096 Jun  2 15:16 .
drwxrwxr-x 8 root    syslog   4096 Oct  2 17:02 ..

How is it possible? During the above session I also cannot create files under that user.

The thing that helped: removing /var/log/nginx and recreating it. But I have no idea why this happens.

There is no SELinux.

Has anyone encountered anything like that or is there anything I'm doing wrong?

P.S. Here is docker info if it can help

mikhails-mbp:test-docker-nginx mkuleshov$ docker info
Containers: 179
 Running: 0
 Paused: 0
 Stopped: 179
Images: 901
Server Version: 1.11.2
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 1109
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.4.12-boot2docker
Operating System: Boot2Docker 1.11.2 (TCL 7.1); HEAD : a6645c3 - Wed Jun  1 22:59:51 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: default
ID: 3K5S:3QBN:BXGY:FASS:VG6P:D4CS:UXRK:GYXB:HJQG:SIQH:F6KQ:N4BN
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 15
 Goroutines: 32
 System Time: 2016-10-02T17:08:51.355144074Z
 EventsListeners: 0
Username: mkuleshov
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualbox

P.P.S. Here is a test repo with configs for that case: https://github.com/aides/test-docker-nginx

asked Oct 02 '16 17:10 by Aides


1 Answer

Most likely, adding your user to the adm group will solve your issue.

Try sudo usermod -aG adm webuser

More details: https://askubuntu.com/questions/421684/cant-access-apache-error-logs

answered Nov 11 '22 15:11 by Egor Nazarov
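
A small diagnostic for the situation in the question, where `ls -la` shows webuser owning /var/log/nginx yet file creation fails: it compares what the mode bits promise with an actual create attempt. This is an added example, not code from the question, the answer or the linked repo; the function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils stat
# (present in the ubuntu:14.04 image used in the question).
# Usage, as webuser inside the container: diagnose /var/log/nginx

# Exit 0 if the owner/group/other bits that `ls -la` displays grant the
# current user write+search (w and x) on directory $1.
mode_allows_write() {
    [ "$(id -u)" -eq 0 ] && return 0            # root is not bound by mode bits
    st=$(stat -c '%u %g %a' "$1") || return 2   # owner uid, group gid, octal mode
    set -- $st
    uid=$1 gid=$2 mode=$3
    bits=$(( mode % 10 ))                       # default: the "other" digit
    for g in $(id -G); do                       # primary and supplementary groups
        [ "$g" -eq "$gid" ] && bits=$(( mode / 10 % 10 ))
    done
    [ "$uid" -eq "$(id -u)" ] && bits=$(( mode / 100 % 10 ))  # owner class wins
    [ $(( bits & 3 )) -eq 3 ]
}

# Exit 0 if a file can actually be created in $1 (the kernel's verdict).
probe_write() {
    f="$1/.write-probe.$$"
    ( : > "$f" ) 2>/dev/null && rm -f "$f"
}

# Print whether the displayed mode bits and the real outcome agree.
diagnose() {
    if mode_allows_write "$1"; then m=yes; else m=no; fi
    if probe_write "$1"; then p=yes; else p=no; fi
    case "$m/$p" in
        yes/yes) echo "consistent: writable" ;;
        no/no)   echo "consistent: denied by mode bits" ;;
        yes/no)  echo "mismatch: mode bits allow write but create failed" ;;
        no/yes)  echo "mismatch: create succeeded despite mode bits" ;;
    esac
}
```

A `mismatch` result, as in the question, means the denial comes from something other than the owner/group/other bits that `ls` shows.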