Re: [basex-talk] Docker Volumes Permission denied
Hi Marie, thanks a lot for the follow up. Happy to hear it’s working! Best Michael
Re: [basex-talk] Docker Volumes Permission denied
I am happy to report that while chown -R 1984 ~/local-directory-data-folder didn't resolve my problem, I found a solution to my problem. In brief, I used the --chown flag on COPY to add file permissions so my Dockerfile looks something like this: FROM basex/basexhttp:8.6.4 COPY --chown=1984 webapp /srv/BaseXWeb COPY --chown=1984 data /srv/BaseXData COPY --chown=1984 repo /srv/BaseXRepo Hope this helps someone else. Marie From: "Marie Starck" To: "Michael Seiferle" Cc: basex-talk@mailman.uni-konstanz.de Sent: Tuesday, February 19, 2019 12:33:10 AM Subject: Re: [basex-talk] Docker Volumes Permission denied Thank you for this! My ultimate goal is to create my own Docker image based on the BaseX one so I will try that and keep you posted. Marie From: "Michael Seiferle" To: "Marie Starck" Cc: basex-talk@mailman.uni-konstanz.de Sent: Thursday, February 14, 2019 5:19:11 PM Subject: Re: [basex-talk] Docker Volumes Permission denied Hi Marie, thanks for your observations! The explanation for this behavior is, that the `basexhttp` Process inside the container runs as non-privileged user `basex` with an UID of 1984 & GID 0. Usually processes inside docker containers will run as root and as such will be able to read & write from all volumes you mount *inside* your container. Currently `basexhttp` does not do that. It mounts your directory from your host OS as a volume insider your container, yet the fie/folder it still belongs to its original user (in your case UID 1000) but from inside the running docker image, a USER with UID 1984 wants to write to it. This fails. Basically: chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data Should make your data directory writable to that process — and if it were group writable it is still writable by your host OS. As you write repo & webapp from the host os only, there is no need to change ownership on those folders. * Another approach I/we usually take is building my own docker image derived from basexhttp and ADD my project to the image. BQ_BEGIN FROM basex/basexhttp ADD ./webapp /srv/basex/webapp ADD ./repo /srv/basex/repo ADD ./data /srv/basex/data BQ_END Any thoughts on this by other docker users? Lot’s of containers run privileged, but I am not sure if we really want this. Let me know if you need any more help! Michael BQ_BEGIN Am 12.02.2019 um 14:42 schrieb Marie Starck < marie.sta...@shaw.ca >: Hello everyone, So I am looking to add Docker to a BaseX webapp that is currently running properly on my local. In order to do that, I ran docker run -ti -d --publish 1984:1984 --publish 8984:8984 --volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData --volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb --volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo basex/basexhttp:8.6.4 And while localhost:8984 shows me the regular BaseX introduction page, none of the rest endpoints work and I get this error when I try to access the webapp from my localhost: Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24: [bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex (Permission denied)" not found. Stack Trace: - /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 I checked the permissions on my docker container and it seems that the basex user only has permissions on WEB-INF but none of the volumes, BaseXData, BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. Has anyone experienced this before? Thank you for any help or tip you could provide, Marie BQ_END
Re: [basex-talk] Docker Volumes Permission denied
Thank you for this! My ultimate goal is to create my own Docker image based on the BaseX one so I will try that and keep you posted. Marie From: "Michael Seiferle" To: "Marie Starck" Cc: basex-talk@mailman.uni-konstanz.de Sent: Thursday, February 14, 2019 5:19:11 PM Subject: Re: [basex-talk] Docker Volumes Permission denied Hi Marie, thanks for your observations! The explanation for this behavior is, that the `basexhttp` Process inside the container runs as non-privileged user `basex` with an UID of 1984 & GID 0. Usually processes inside docker containers will run as root and as such will be able to read & write from all volumes you mount *inside* your container. Currently `basexhttp` does not do that. It mounts your directory from your host OS as a volume insider your container, yet the fie/folder it still belongs to its original user (in your case UID 1000) but from inside the running docker image, a USER with UID 1984 wants to write to it. This fails. Basically: chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data Should make your data directory writable to that process — and if it were group writable it is still writable by your host OS. As you write repo & webapp from the host os only, there is no need to change ownership on those folders. * Another approach I/we usually take is building my own docker image derived from basexhttp and ADD my project to the image. BQ_BEGIN FROM basex/basexhttp ADD ./webapp /srv/basex/webapp ADD ./repo /srv/basex/repo ADD ./data /srv/basex/data BQ_END Any thoughts on this by other docker users? Lot’s of containers run privileged, but I am not sure if we really want this. Let me know if you need any more help! Michael BQ_BEGIN Am 12.02.2019 um 14:42 schrieb Marie Starck < marie.sta...@shaw.ca >: Hello everyone, So I am looking to add Docker to a BaseX webapp that is currently running properly on my local. In order to do that, I ran docker run -ti -d --publish 1984:1984 --publish 8984:8984 --volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData --volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb --volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo basex/basexhttp:8.6.4 And while localhost:8984 shows me the regular BaseX introduction page, none of the rest endpoints work and I get this error when I try to access the webapp from my localhost: Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24: [bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex (Permission denied)" not found. Stack Trace: - /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 I checked the permissions on my docker container and it seems that the basex user only has permissions on WEB-INF but none of the volumes, BaseXData, BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. Has anyone experienced this before? Thank you for any help or tip you could provide, Marie BQ_END
Re: [basex-talk] Docker Volumes Permission denied
Hi Marie, thanks for your observations! The explanation for this behavior is, that the `basexhttp` Process inside the container runs as non-privileged user `basex` with an UID of 1984 & GID 0. Usually processes inside docker containers will run as root and as such will be able to read & write from all volumes you mount *inside* your container. Currently `basexhttp` does not do that. It mounts your directory from your host OS as a volume insider your container, yet the fie/folder it still belongs to its original user (in your case UID 1000) but from inside the running docker image, a USER with UID 1984 wants to write to it. This fails. Basically: > chown -R 1984 ~/Projects/Architextus/basex-xquery-server/data Should make your data directory writable to that process — and if it were group writable it is still writable by your host OS. As you write repo & webapp from the host os only, there is no need to change ownership on those folders. * Another approach I/we usually take is building my own docker image derived from basexhttp and ADD my project to the image. > FROM basex/basexhttp > ADD ./webapp /srv/basex/webapp > ADD ./repo /srv/basex/repo > ADD ./data /srv/basex/data Any thoughts on this by other docker users? Lot’s of containers run privileged, but I am not sure if we really want this. Let me know if you need any more help! Michael > Am 12.02.2019 um 14:42 schrieb Marie Starck : > > Hello everyone, > > So I am looking to add Docker to a BaseX webapp that is currently running > properly on my local. In order to do that, I ran > docker run -ti -d > --publish 1984:1984 > --publish 8984:8984 > --volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData > --volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb > --volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo > basex/basexhttp:8.6.4 > > And while localhost:8984 shows me the regular BaseX introduction page, none > of the rest endpoints work and I get this error when I try to access the > webapp from my localhost: > > Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24: > [bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex > (Permission denied)" not found. > > Stack Trace: > - /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 > > I checked the permissions on my docker container and it seems that the basex > user only has permissions on WEB-INF but none of the volumes, BaseXData, > BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. > > Has anyone experienced this before? > > Thank you for any help or tip you could provide, > > Marie >
[basex-talk] Docker Volumes Permission denied
Hello everyone, So I am looking to add Docker to a BaseX webapp that is currently running properly on my local. In order to do that, I ran docker run -ti -d --publish 1984:1984 --publish 8984:8984 --volume ~/Projects/Architextus/basex-xquery-server/data:/srv/BaseXData --volume ~/Projects/Architextus/basex-xquery-server/webapp:/srv/BaseXWeb --volume ~/Projects/Architextus/basex-xquery-server/repo:/srv/BaseXRepo basex/basexhttp:8.6.4 And while localhost:8984 shows me the regular BaseX introduction page, none of the rest endpoints work and I get this error when I try to access the webapp from my localhost: Stopped at /srv/BaseXWeb/xqm/g-holismo.xqm, 136/24: [bxerr:BXDB0002] Resource "/srv/BaseXData/DITA-AppResources/tbl.basex (Permission denied)" not found. Stack Trace: - /srv/BaseXWeb/xqm/g-holismo.xqm, 11/10 I checked the permissions on my docker container and it seems that the basex user only has permissions on WEB-INF but none of the volumes, BaseXData, BaseXRepo and BaseXWeb, those are shown as belonging to user 1000. Has anyone experienced this before? Thank you for any help or tip you could provide, Marie