Why Does Docker Prompt "Permission Denied" When Backing Up the Data Volume

Why does docker prompt Permission denied when backing up the data volume?

I just tried the commands you listed and they worked for me, both under an OSX platform and also a straight up linux platform. The thing is you are mounting $(pwd) (from your host) to /backup (in the ubuntu image, third docker run above).

I suspect that when you launch the command you are in a directory that is not writable? I tried to get it to fail like this:

mkdir failme
chmod 000 failme
cd failme
docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata

But, it worked :-)

So, I cd'ed into a directory that isn't writable by root:

cd /proc
root@kube:/proc# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
tar: /backup/backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now

Is it possible that you are starting from a directory that is not writable by root?

Please post the output to these commands: First, run:

docker run --name ins --volumes-from dbdata -v $(pwd):/backup ubuntu sleep 99999 &

(instead of the backup command command you have listed.)

then do an inspect and post those results:

docker inspect ins

And the answer turned out to be that it was the selinux causing the errors. The Original Poster found the answer:

setenforce 0

Why does docker container prompt Permission denied?

A permission denied within a container for a shared directory could be due to the fact that this shared directory is stored on a device. By default containers cannot access any devices. Adding the option $docker run --privileged allows the container to access all devices and performs Kernel calls. This is not considered as secure.

A cleaner way to share device is to use the option docker run --device=/dev/sdb (if /dev/sdb is the device you want to share).

From the man page:

  --device=[]
      Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)

  --privileged=true|false
      Give extended privileges to this container. The default is false.

      By default, Docker containers are “unprivileged” (=false) and cannot, for example, run a Docker daemon inside the Docker container. This is because by default  a  container is not allowed to access any devices. A “privileged” container is given access to all devices.

      When  the  operator  executes  docker run --privileged, Docker will enable access to all devices on the host as well as set some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside of a container on the host.

How to fix docker: Got permission denied issue

If you want to run docker as non-root user then you need to add it to the docker group.

1. Create the docker group if it does not exist

$ sudo groupadd docker

2. Add your user to the docker group.

$ sudo usermod -aG docker $USER

3. Log in to the new docker group (to avoid having to log out / log in again; but if not enough, try to reboot):

$ newgrp docker

4. Check if docker can be run without root

$ docker run hello-world

Reboot if still got error

$ reboot

Warning

The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface..

Taken from the docker official documentation:
manage-docker-as-a-non-root-user

Failed to solve with frontend Dockerfile

The name of Docker files doesn't have any extension. It's just Dockerfile with capital D and lowercase f.

You can also specify the Dockerfile name, such as docker build . -f Dockerfile.txt if you'd like to name it something else.

Chown permission denied while Docker volume binding

sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
sudo chmod g+rwx "$HOME/.docker" -R

---

Related Topics