Docker: Got "permission denied" error at volume mounting directory

Question

I wrote a docker-compose.yml like this:

version: "3"
services:
  notebook:    
    image: jupyter/datascience-notebook
    
    ports:
      - "8888:8888"
    volumes: 
      - jupyterlabPermanent:/hahaha
    environment:
      JUPYTER_ENABLE_LAB: "yes"
      TZ: "Asia/Tokyo"
    command:
      start-notebook.sh --NotebookApp.token=''
volumes:
  jupyterlabPermanent:

Let me make it clear that what characters are appearing on the stage.

• \hahaha: container side directory which is located at the root directory
• jupyterlabPermanent: volume which is mounted by hahaha the container side directory.
• dockerjulia_jupyterlabPermanent\_data: host side directory secured for volume jupyterlabPermanent which syncronize the data located in \hahaha.Full path to dockerjulia_jupyterlabPermanent\_data is \\wsl$\docker-desktop-data\version-pack-data\community\docker\volumes\dockerjulia_jupyterlabPermanent\_data.

When I use touch command on bash at \hahaha directory, I get permission denied

# bash command line at \hahaha

(base) jovyan@4bcdaa228d9e:/hahaha$ touch test.txt
touch: cannot touch 'test.txt': Permission denied

Because of this, every tasks done in the container cannot be stored in the \hahaha and jupyterlabPermanent volume, and this means data saving is not working in this environment.

How can I solve this? I searched a bit for this, and found I need to change the configuration of permission, but I don't understand it.

I am using Docker Desktop for Windows with WSL 2 on Windows 10 Home.

Answer 1

Thank you for answering my question. The main problem was that I didn't know the existence of the concept of "owner" and "permission" of Linux system. But, an hour of research and learning let me figure out what the problem here is.

My solution 1

My first solution is to try the following command line on Host console:

docker exec -it -u 0 CONATAINER_NAME /bin/bash

Adding -u option and designating 0, the User ID of root, lets you dive into the container as you are root.

As I checked using ll command at the top directory of the container, the permissions of the files and folders at the top directory of the container appears to be dominated by root, and the hahaha is the one of them.(It means docker-compose.yml created hahaha directory for volume at the top directory)

(base) jovyan@4bcdaa228d9e:/$ ll
total 64
drwxr-xr-x   1 root root 4096 Jan 26 00:19 ./
drwxr-xr-x   1 root root 4096 Jan 26 00:19 ../
lrwxrwxrwx   1 root root    7 Jan  6 01:47 bin -> usr/bin/
drwxr-xr-x   2 root root 4096 Apr 15  2020 boot/
drwxr-xr-x   5 root root  340 Jan 26 00:19 dev/
-rwxr-xr-x   1 root root    0 Jan 26 00:19 .dockerenv*
drwxr-xr-x   1 root root 4096 Jan 26 00:19 etc/
drwxr-xr-x   2 root root 4096 Jan 27 22:18 hahaha/
drwxr-xr-x   1 root root 4096 Jan 24 20:30 home/
lrwxrwxrwx   1 root root    7 Jan  6 01:47 lib -> usr/lib/
lrwxrwxrwx   1 root root    9 Jan  6 01:47 lib32 -> usr/lib32/
lrwxrwxrwx   1 root root    9 Jan  6 01:47 lib64 -> usr/lib64/
lrwxrwxrwx   1 root root   10 Jan  6 01:47 libx32 -> usr/libx32/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 media/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 mnt/
drwxr-xr-x   1 root root 4096 Jan 25 02:49 opt/
dr-xr-xr-x 217 root root    0 Jan 26 00:19 proc/
drwx------   2 root root 4096 Jan  6 01:50 root/
drwxr-xr-x   5 root root 4096 Jan  6 01:50 run/
lrwxrwxrwx   1 root root    8 Jan  6 01:47 sbin -> usr/sbin/
drwxr-xr-x   2 root root 4096 Jan  6 01:47 srv/
dr-xr-xr-x  11 root root    0 Jan 26 00:19 sys/
drwxrwxrwt   2 root root 4096 Jan  6 01:50 tmp/
drwxr-xr-x   1 root root 4096 Jan  6 01:47 usr/
drwxr-xr-x   1 root root 4096 Jan  6 01:50 var/

Therefore, there was no permission for jovyan to touch something at hahaha at the top directory dominated only by root, and this is made it by diving into the container as root.

My solution 2

The second solution is to rewrite the docker-compose.yml as follows:

version: "3"
services:
  notebook:    
    image: jupyter/datascience-notebook
    
    ports:
      - "8888:8888"
    volumes: 
      # 
      - jupyterlabPermanent:/home/jovyan/hahaha # before ->  jupyterlabPermanent:/hahaha
    environment:
      JUPYTER_ENABLE_LAB: "yes"
      TZ: "Asia/Tokyo"
    command:
      start-notebook.sh --NotebookApp.token=''
volumes:
  jupyterlabPermanent:

This change lets docker-compose create container as volume mounting directory is set at /home/jovyan/hahaha. The files and folders under /home/jovyan is owned and by jovyan(not by root) so jovyan can touch some files at /home/jovyan/hahaha freely. (No need to dive into the container as root)