Re: [basex-talk] Docker Volumes Permission denied

2019-02-19 Thread Michael Seiferle
Hi Marie, 

thanks a lot for the follow up.
Happy to hear it’s working!

Best
Michael

Re: [basex-talk] Docker Volumes Permission denied

2019-02-18 Thread Marie Starck
I am happy to report that while chown -R 1984 ~/local-directory-data-folder 
didn't resolve my problem, I found a solution to my problem. In brief, I used 
the --chown flag on COPY to add file permissions so my Dockerfile looks 
something like this: 

FROM basex/basexhttp:8.6.4 

COPY --chown=1984 webapp /srv/BaseXWeb 
COPY --chown=1984 data /srv/BaseXData 
COPY --chown=1984 repo /srv/BaseXRepo 

Hope this helps someone else. 

Marie 

From: "Marie Starck"  
To: "Michael Seiferle"  
Cc: basex-talk@mailman.uni-konstanz.de 
Sent: Tuesday, February 19, 2019 12:33:10 AM 
Subject: Re: [basex-talk] Docker Volumes Permission denied 

Thank you for this! My ultimate goal is to create my own Docker image based on 
the BaseX one so I will try that and keep you posted. 

Marie 


From: "Michael Seiferle"  
To: "Marie Starck"  
Cc: basex-talk@mailman.uni-konstanz.de 
Sent: Thursday, February 14, 2019 5:19:11 PM 
Subject: Re: [basex-talk] Docker Volumes Permission denied 

Hi Marie, 

thanks for your observations! 

The explanation for this behavior is, that the `basexhttp` Process inside the 
container runs as non-privileged user `basex` with an UID of 1984 & GID 0. 
Usually processes inside docker containers will run as root and as such will be 
able to read & write from all volumes you mount *inside* your container. 
Currently `basexhttp` does not do that. 
It mounts your directory from your host OS as a volume insider your container, 
yet the fie/folder it still belongs to its original user (in your case UID 
1000) but from inside the running docker image, a USER with UID 1984 wants to 
write to it. This fails. 

Basically: 


chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data 


Should make your data directory writable to that process — and if it were group 
writable it is still writable by your host OS. 
As you write repo & webapp from the host os only, there is no need to change 
ownership on those folders. 

* Another approach I/we usually take is building my own docker image derived 
from basexhttp and ADD my project to the image. 


BQ_BEGIN

FROM basex/basexhttp 
ADD ./webapp /srv/basex/webapp 
ADD ./repo /srv/basex/repo 
ADD ./data /srv/basex/data 

BQ_END



Any thoughts on this by other docker users? Lot’s of containers run privileged, 
but I am not sure if we really want this. 




Let me know if you need any more help! 

Michael 







BQ_BEGIN

Am 12.02.2019 um 14:42 schrieb Marie Starck < marie.sta...@shaw.ca >: 

Hello everyone, 

So I am looking to add Docker to a BaseX webapp that is currently running 
properly on my local. In order to do that, I ran 
docker run -ti -d 
--publish 1984:1984 
--publish 8984:8984 
--volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData 
--volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb 
--volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo 
basex/basexhttp:8.6.4 

And while localhost:8984 shows me the regular BaseX introduction page, none of 
the rest endpoints work and I get this error when I try to access the webapp 
from my localhost: 

Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24:
[bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex 
(Permission denied)" not found.

Stack Trace:
- /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 

I checked the permissions on my docker container and it seems that the basex 
user only has permissions on WEB-INF but none of the volumes, BaseXData, 
BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. 

Has anyone experienced this before? 

Thank you for any help or tip you could provide, 

Marie 


BQ_END





Re: [basex-talk] Docker Volumes Permission denied

2019-02-18 Thread Marie Starck
Thank you for this! My ultimate goal is to create my own Docker image based on 
the BaseX one so I will try that and keep you posted. 

Marie 


From: "Michael Seiferle"  
To: "Marie Starck"  
Cc: basex-talk@mailman.uni-konstanz.de 
Sent: Thursday, February 14, 2019 5:19:11 PM 
Subject: Re: [basex-talk] Docker Volumes Permission denied 

Hi Marie, 

thanks for your observations! 

The explanation for this behavior is, that the `basexhttp` Process inside the 
container runs as non-privileged user `basex` with an UID of 1984 & GID 0. 
Usually processes inside docker containers will run as root and as such will be 
able to read & write from all volumes you mount *inside* your container. 
Currently `basexhttp` does not do that. 
It mounts your directory from your host OS as a volume insider your container, 
yet the fie/folder it still belongs to its original user (in your case UID 
1000) but from inside the running docker image, a USER with UID 1984 wants to 
write to it. This fails. 

Basically: 


chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data 


Should make your data directory writable to that process — and if it were group 
writable it is still writable by your host OS. 
As you write repo & webapp from the host os only, there is no need to change 
ownership on those folders. 

* Another approach I/we usually take is building my own docker image derived 
from basexhttp and ADD my project to the image. 


BQ_BEGIN

FROM basex/basexhttp 
ADD ./webapp /srv/basex/webapp 
ADD ./repo /srv/basex/repo 
ADD ./data /srv/basex/data 

BQ_END



Any thoughts on this by other docker users? Lot’s of containers run privileged, 
but I am not sure if we really want this. 




Let me know if you need any more help! 

Michael 







BQ_BEGIN

Am 12.02.2019 um 14:42 schrieb Marie Starck < marie.sta...@shaw.ca >: 

Hello everyone, 

So I am looking to add Docker to a BaseX webapp that is currently running 
properly on my local. In order to do that, I ran 
docker run -ti -d 
--publish 1984:1984 
--publish 8984:8984 
--volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData 
--volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb 
--volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo 
basex/basexhttp:8.6.4 

And while localhost:8984 shows me the regular BaseX introduction page, none of 
the rest endpoints work and I get this error when I try to access the webapp 
from my localhost: 

Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24:
[bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex 
(Permission denied)" not found.

Stack Trace:
- /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 

I checked the permissions on my docker container and it seems that the basex 
user only has permissions on WEB-INF but none of the volumes, BaseXData, 
BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. 

Has anyone experienced this before? 

Thank you for any help or tip you could provide, 

Marie 


BQ_END





Re: [basex-talk] Docker Volumes Permission denied

2019-02-14 Thread Michael Seiferle
Hi Marie, 

thanks for your observations!

The explanation for this behavior is, that the `basexhttp` Process inside the 
container runs as non-privileged user `basex` with an UID of 1984 & GID 0.
Usually processes inside docker containers will run as root and as such will be 
able to read & write from all volumes you mount *inside* your container.
Currently `basexhttp` does not do that.
It mounts your directory from your host OS as a volume insider your container, 
yet the fie/folder it still belongs to its original user (in your case UID 
1000) but from inside the running docker image, a USER with UID 1984 wants to 
write to it. This fails.

Basically: 
>  chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data

Should make your data directory writable to that process — and if it were group 
writable it is still writable by your host OS.
As you write repo & webapp  from the host os only, there is no need to change 
ownership on those folders.

* Another approach I/we usually take is building my own docker image derived 
from basexhttp and ADD my project to the image.

> FROM basex/basexhttp
> ADD ./webapp /srv/basex/webapp
> ADD ./repo /srv/basex/repo
> ADD ./data /srv/basex/data



Any thoughts on this by other docker users? Lot’s of containers run privileged, 
but I am not sure if we really want this.




Let me know if you  need any more help!

Michael






> Am 12.02.2019 um 14:42 schrieb Marie Starck :
> 
> Hello everyone,
> 
> So I am looking to add Docker to a BaseX webapp that is currently running 
> properly on my local. In order to do that, I ran
> docker run -ti -d
> --publish 1984:1984
> --publish 8984:8984
> --volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData
> --volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb
> --volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo
> basex/basexhttp:8.6.4
> 
> And while localhost:8984 shows me the regular BaseX introduction page, none 
> of the rest endpoints work and I get this error when I try to access the 
> webapp from my localhost:
> 
> Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24:
> [bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex 
> (Permission denied)" not found.
> 
> Stack Trace:
> - /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10
> 
> I checked the permissions on my docker container and it seems that the basex 
> user only has permissions on WEB-INF but none of the volumes, BaseXData, 
> BaseXRepo and BaseXWeb, those are shown as belonging to user 1000.
> 
> Has anyone experienced this before?
> 
> Thank you for any help or tip you could provide,
> 
> Marie
> 



[basex-talk] Docker Volumes Permission denied

2019-02-12 Thread Marie Starck
Hello everyone, 

So I am looking to add Docker to a BaseX webapp that is currently running 
properly on my local. In order to do that, I ran 
docker run -ti -d 
--publish 1984:1984 
--publish 8984:8984 
--volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData 
--volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb 
--volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo 
basex/basexhttp:8.6.4 

And while localhost:8984 shows me the regular BaseX introduction page, none of 
the rest endpoints work and I get this error when I try to access the webapp 
from my localhost: 

Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24:
[bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex 
(Permission denied)" not found.

Stack Trace:
- /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 

I checked the permissions on my docker container and it seems that the basex 
user only has permissions on WEB-INF but none of the volumes, BaseXData, 
BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. 

Has anyone experienced this before? 

Thank you for any help or tip you could provide, 

Marie