Docker_dev image broken for users other than UID 1000


(Jay Pfaffman) #1

I saw recently that the docker_dev image had been updated, and I was hoping that would solve the problems I’ve been having, but there’s some kind of permissions error:

Migrating database...
rake aborted!
Errno::EACCES: Permission denied @ dir_s_mkdir - tmp
/src/config/boot.rb:16:in `<top (required)>'
/src/config/application.rb:1:in `require'
/src/config/application.rb:1:in `<top (required)>'
/src/Rakefile:5:in `require'
/src/Rakefile:5:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'
(See full trace by running task with --trace)
rake aborted!
Errno::EACCES: Permission denied @ dir_s_mkdir - tmp
/src/config/boot.rb:16:in `<top (required)>'
/src/config/application.rb:1:in `require'
/src/config/application.rb:1:in `<top (required)>'
/src/Rakefile:5:in `require'
/src/Rakefile:5:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'
(See full trace by running task with --trace)
Creating admin user...
rake aborted!
Errno::EACCES: Permission denied @ dir_s_mkdir - tmp
/src/config/boot.rb:16:in `<top (required)>'
/src/config/application.rb:1:in `require'
/src/config/application.rb:1:in `<top (required)>'
/src/Rakefile:5:in `require'
/src/Rakefile:5:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'
(See full trace by running task with --trace)

I’ve been trying to run an importer in a production environment and have been getting similar errors, that seem to have to do with not being able to create TMP files, which I can’t make sense of.

Edit: Well, darn. It worked just fine on my development machine, but not on the customer’s machine where I’m trying to use it.

Edit: Somehow ./discourse/tmp doesn’t exist and the script is getting run as some user other than root.


(Sam Saffron) #2

I would not really call this a bug, it is a dev issue, the docker dev environment expects the user to be the first user that was created on the machine

We can improve this possibly with the uid mapping stuff docker has now, but it is tricky


(Jay Pfaffman) #3

Thanks, @sam. That’s very helpful and explains a bunch of stuff that I could previously explain only by the possible existence of demons. I feel somewhat less like I’m going crazy now.


(Jay Pfaffman) #4

I lost more hours on this than I care to admit. It worked fine on my machine, but wouldn’t work where I was trying to make it work (trying to set up an environment where a client could painlessly re-run an import). docker_dev seems like a great way for a Normal Person to be able to run an importer.

Darn. It’s not quite the “first user” as I just added a user on a Digital Ocean droplet (their image has no normal user); I added a user, added that user to the docker group and tried to run boot_dev as that user and got the same permission error.

I was hoping that this would a good-enough test and error message to add to boot_dev, but it isn’t. Is there some simple test?


if [ "$UID" != 1000 ]
then
    echo "discourse_dev expects to be run by first user (UID 1000)."
    exit 1
fi

This is getting far afield from the OP, I was hoping too that docker_dev might be a solution to my “what if I need to run a couple imports and do development on something else all at the same time” problem, but it’s not quite that yet.


(Sam Saffron) #5

Erroring out is probably the best “first thing” to do.

Longer term on boot it can re-chown everything to the correct user id or something.


(Jay Pfaffman) #6

Agreed. I can’t figure out what the test should be or what the definition of “first user” is.


(Sam Saffron) #7

You need to look a the owner user id of the files mounted via the volume.