C#•4d ago

No permission for file saving when hosting .net apps on docker.

I'm learning ASP .NET and I'm trying to make a simple API that recieves files and saves them on filesystem. Everything works fine when saving locally, but when running on docker and saving to a volume I always get permission denied. The problem seems to be caused because owner of the volume is "root" but current user is "app". I'm not really sure how to change it.

21 Replies

Pobiega•4d ago

https://stackoverflow.com/questions/69938185/docker-volume-change-owner-to-non-root

Stack Overflow

Docker volume change owner to non-root

I want to create an uploads volume and set its owner to the node user. But upon running the container I find that the volume's owner is root. This is my Docker file: FROM node:12.21 RUN apt-get upd...

Pobiega•4d ago

Give this a try

Clean CockOP•4d ago

I tried to change ownership and permissions by using RUN command in dockerfile, owner is still root for some reason

jcotton42•4d ago

@Clean Cock share your Dockerfile also how you're launching the container

Clean CockOP•4d ago

# See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.

# This stage is used when running from VS in fast mode (Default for Debug configuration)
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
USER $APP_UID
WORKDIR /app
EXPOSE 8080
EXPOSE 8081


# This stage is used to build the service project
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["Atlas_Pylkow/Atlas_Pylkow.csproj", "Atlas_Pylkow/"]
RUN dotnet restore "./Atlas_Pylkow/Atlas_Pylkow.csproj"
COPY . .
WORKDIR "/src/Atlas_Pylkow"
RUN dotnet build "./Atlas_Pylkow.csproj" -c $BUILD_CONFIGURATION -o /app/build

# This stage is used to publish the service project to be copied to the final stage
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./Atlas_Pylkow.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
FROM base AS final
WORKDIR /app
RUN chmod chmod -R a+rw /app/images
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Atlas_Pylkow.dll"]

# See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.

# This stage is used when running from VS in fast mode (Default for Debug configuration)
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
USER $APP_UID
WORKDIR /app
EXPOSE 8080
EXPOSE 8081


# This stage is used to build the service project
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["Atlas_Pylkow/Atlas_Pylkow.csproj", "Atlas_Pylkow/"]
RUN dotnet restore "./Atlas_Pylkow/Atlas_Pylkow.csproj"
COPY . .
WORKDIR "/src/Atlas_Pylkow"
RUN dotnet build "./Atlas_Pylkow.csproj" -c $BUILD_CONFIGURATION -o /app/build

# This stage is used to publish the service project to be copied to the final stage
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./Atlas_Pylkow.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
FROM base AS final
WORKDIR /app
RUN chmod chmod -R a+rw /app/images
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Atlas_Pylkow.dll"]

Clean CockOP•4d ago

im launching my containers with docker compose, by clicking the green button on the top of visual studio

jcotton42•4d ago

Where is /app/images being made? also you have chmod chmod somehow

Clean CockOP•4d ago

it's after some experimenting, i tried many commands

jcotton42•4d ago

well chmod chmod doesn't make sense and again, I don't see /app/images being made in that Dockerfile

Clean CockOP•4d ago

/app seems to be in the main(?), root(?) directory, you cannot go outiside

Clean CockOP•4d ago

jcotton42•4d ago

that... doesn't answer my question as in, I don't see a mkdir /app/images in your Dockerfile, nor somewhere it could be copied from

Clean CockOP•4d ago

volumes:
      - images:/app/images

volumes:
      - images:/app/images

my docker-compose.yml does the job

jcotton42•4d ago

volumes from compose are not available during the image build process You'll want a VOLUME directive in your Dockerfile one sec

Clean CockOP•4d ago

first time hearing about that, gotta read about it

jcotton42•4d ago

@Clean Cock

# prior portions of file omitted for brevity
# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
FROM base AS final
+ VOLUME /app/images
WORKDIR /app
- RUN chmod chmod -R a+rw /app/images
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Atlas_Pylkow.dll"]

# prior portions of file omitted for brevity
# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
FROM base AS final
+ VOLUME /app/images
WORKDIR /app
- RUN chmod chmod -R a+rw /app/images
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Atlas_Pylkow.dll"]

the cmod should be unnecesary you also might need the USER bit again in the final stage, not sure if so, place it before VOLUME and WORKDIR

Clean CockOP•4d ago

uhm which user bit?

jcotton42•4d ago

USER $APP_UID from the very start of your Dockerfile

Clean CockOP•4d ago

System.UnauthorizedAccessException: Access to the path '/app/images/bsrzh25a.jpg' is denied.

System.UnauthorizedAccessException: Access to the path '/app/images/bsrzh25a.jpg' is denied.

FROM base AS final
USER $APP_UID
VOLUME /app/images
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "PlantApi.dll"]

FROM base AS final
USER $APP_UID
VOLUME /app/images
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "PlantApi.dll"]

jcotton42•4d ago

hm, try this 1. docker image ls, find the id of your container's image 2. docker run -it -v images:/app/images --entrypoint /bin/bash ID that will give you a shell inside the container, check your uid/gid with id, and then the owner and perms of the images dir with ls -ld /app/images actually, you'll need to apply a volume too to have the same kind of setup there, run command fixed

Clean CockOP•4d ago

im going to sleep now, sorry, ill respond how it went tommorow

Gaming

Programming

No permission for file saving when hosting .net apps on docker.

Did you find this page helpful?