Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does simple Dockerfile give "permission denied"?

Tags:

docker

I am learning to use Docker with ROS, and I am surprised by this error message:

FROM ros:kinetic-robot-xenial

# create non-root user
ENV USERNAME ros
RUN adduser --ingroup sudo --disabled-password --gecos "" --shell /bin/bash --home /home/$USERNAME $USERNAME
RUN bash -c 'echo $USERNAME:ros | chpasswd'
ENV HOME /home/$USERNAME
USER $USERNAME

RUN apt-get update

Gives this error message

Step 7/7 : RUN apt-get update
 ---> Running in 95c40d1faadc
Reading package lists...
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
like image 400
pitosalas Avatar asked Dec 06 '25 17:12

pitosalas

2 Answers

apt-get generally needs to run as root, but once you've run a USER command, commands don't run as root any more.

You'll frequently run commands like this at the start of the Dockerfile: you want to take advantage of Docker layer caching if you can, and you'll usually be installing dependencies the rest of the Dockerfile needs. Also for layer-caching reasons, it's important to run apt-get update and other installation steps in a single step. So your Dockerfile would typically look like

FROM ros:kinetic-robot-xenial
# Still root
RUN apt-get update \
 && apt-get install ...
# Copy in application (still as root, won't be writable by other users)
COPY ...
CMD ["..."]
# Now as the last step create a user and default to running as it
RUN adduser ros
USER ros

If you need to, you can explicitly USER root to switch back to root for subsequent commands, but it's usually easier to read and maintain Dockerfiles with less user switching.

Also note that neither sudo nor user passwords are really useful in Docker. It's hard to run sudo in a script just in general and a lot of Docker things happen in scripts. Containers also almost never run things like getty or sshd that could potentially accept user passwords, and they're trivial to read back from docker history, so there's no point in setting one. Conversely, if you're in a position to get a shell in a container, you can always pass -u root to the docker run or docker exec command to get a root shell.

like image 116
David Maze Avatar answered Dec 08 '25 10:12

David Maze

switch to the root user by:

USER root

and then every command should work

like image 42
user3041840 Avatar answered Dec 08 '25 11:12

user3041840

Sign in to Comment

Related questions

How do I add PostGIS to my PostgreSQL setup using pure docker-compose
How to define Kubernetes Job using a private docker registry?
SSL_ERROR_SSL MSSQL handshake fail while seeding/migrating data in dockerized C sharp micro service
How to fix "npm ERR! Maximum call stack size exceeded" in Google Cloud Build?
Perl Mojolicious: handling proxy timeouts
Error while running ECS container with read-only root filesystem
Create a postgres database within a docker-compose.yml file
docker build a custom image from docker-compose.yml
Sql server not running inside docker in m1 processor

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!