C
C#6mo ago
bdcp

Docker non-root access volume for runtime image

I have this Dockerfile 
FROM mcr.microsoft.com/dotnet/runtime:8.0 AS base

USER app
RUN mkdir /home/app/data
WORKDIR /home/app

COPY ./publish .

ENTRYPOINT ["dotnet", "MyProject.dll"]
FROM mcr.microsoft.com/dotnet/runtime:8.0 AS base

USER app
RUN mkdir /home/app/data
WORKDIR /home/app

COPY ./publish .

ENTRYPOINT ["dotnet", "MyProject.dll"]
Something like File.WriteAllText("/home/app/data/file.txt", "lorem ipsum") get permission denied when the volume is mounted in linux 
 docker run --rm \
    -v ./testdata:/home/app/data \
    -e RUN_ON_STARTUP=true \
    $image_name 
 docker run --rm \
    -v ./testdata:/home/app/data \
    -e RUN_ON_STARTUP=true \
    $image_name
I've tried many things related to docker. I suspect it's how the dotnet/runtime image is setup might be the issue. But i'm not that advanced. Ideally, i would like to save the file to /data instead of /home/app/data
2 Replies
dreadfullydistinct
dreadfullydistinct6mo ago
If you run ls -l on ./testdata what are the permissions on it? You may need to run chmod o+w to give write (w) access to others (o) Since the app user is not on your system Not a huge Linux permissions expert though
bdcp
bdcpOP5mo ago
Yup that was it, i got helped on stackoverflow 
in your Dockerfile, so your application is running as the predefined app user which has UID 64198.

For you to be able to create files in the mounted directory, UID 64198 needs to be able to create files on the host in the ./testdata directory.

You can do that by giving public write access on the host using chmod o+w ./testdata.

If that's too permissive, you can create a user on the host with UID 64198 and give that user group access to the directory.
in your Dockerfile, so your application is running as the predefined app user which has UID 64198.

For you to be able to create files in the mounted directory, UID 64198 needs to be able to create files on the host in the ./testdata directory.

You can do that by giving public write access on the host using chmod o+w ./testdata.

If that's too permissive, you can create a user on the host with UID 64198 and give that user group access to the directory.
Want results from more Discord servers?
Add your server